| | | | | | | | |
|
| | Log Name | Event Type | Category | Generated On | User | Source | Description
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: svchost (3144,D,35) SRUJet: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: svchost (3144,D,35) SRUJet: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: services (864,D,50) ?The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: services (864,D,12) ?The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: svchost (3144,D,40) SRUJet: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:40:56 | | ESENT | 642: svchost (3144,D,46) SRUJet: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: svchost (3536,R,98) SRUJet: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 640: Catalog Database (2040,D,35) Catalog Database: Error -1919 validating header page on flush map file "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm". The flush map file will be invalidated. Additional information: [SignDbHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignFmHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignDbHdrFromFm:Create time:10/29/2020 07:41:59.083 Rand:2650929310 Computer:] [SignFmHdrFromFm:Create time:10/29/2020 07:41:59.958 Rand:3752539688 Computer:]
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 636: Catalog Database (2040,D,35) Catalog Database: Flush map file "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm" will be deleted. Reason: ReadHdrFailed.
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 640: Catalog Database (2040,D,35) Catalog Database: Error -1919 validating header page on flush map file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm". The flush map file will be invalidated. Additional information: [SignDbHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignFmHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignDbHdrFromFm:Create time:10/29/2020 07:41:59.099 Rand:1774762616 Computer:] [SignFmHdrFromFm:Create time:10/29/2020 07:42:00.114 Rand:764643957 Computer:]
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 636: Catalog Database (2040,D,35) Catalog Database: Flush map file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm" will be deleted. Reason: ReadHdrFailed.
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: Catalog Database (2040,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:42:00 | | ESENT | 642: svchost (3536,D,50) SRUJet: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:01 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
|
| | Application | Warning | 1 | 2020-10-29 09:42:01 | | ESENT | 642: SearchIndexer (4424,D,35) Windows: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:01 | | ESENT | 642: SearchIndexer (4424,D,35) Windows: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:06 | | ESENT | 642: wuaueng.dll (6108,D,35) SUS20ClientDataStore: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:06 | | ESENT | 642: wuaueng.dll (6108,D,35) SUS20ClientDataStore: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:08 | | ESENT | 642: DllHost (6640,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:08 | | ESENT | 642: DllHost (6640,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:08 | | ESENT | 642: DllHost (7052,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:08 | | ESENT | 642: DllHost (7052,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:09 | | ESENT | 642: svchost (6392,R,98) ?The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:42:09 | | ESENT | 642: svchost (6392,D,50) ?The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:43:50 | | ESENT | 642: qmgr.dll (7536,D,35) QmgrDatabaseInstance: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:43:50 | | ESENT | 642: qmgr.dll (7536,D,35) QmgrDatabaseInstance: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | None | 2020-10-29 09:44:02 | | SecurityCenter | 16: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
|
| | Application | Warning | 1 | 2020-10-29 09:44:55 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Version Upgrade}.
|
| | Application | Warning | 1 | 2020-10-29 09:44:55 | | ESENT | 642: SearchIndexer (5296,D,35) Windows: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:44:55 | | ESENT | 642: SearchIndexer (5296,D,35) Windows: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:46:18 | | ESENT | 642: Catalog Database (2172,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:46:18 | | ESENT | 642: Catalog Database (2172,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 09:46:25 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
|
| | Application | Warning | 1 | 2020-10-29 09:55:56 | | ESENT | 642: DllHost (4216,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:55:56 | | ESENT | 642: DllHost (4216,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 09:57:04 | | ESENT | 642: MicrosoftEdge (7900,D,35) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:57:04 | | ESENT | 642: MicrosoftEdge (7900,D,35) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 09:57:04 | | ESENT | 642: MicrosoftEdge (7900,D,60) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 09:57:06 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
|
| | Application | Warning | 1 | 2020-10-29 10:04:49 | | ESENT | 642: DllHost (3428,D,35) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:04:49 | | ESENT | 642: DllHost (3428,D,35) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_LEGACY_IDB: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:04:49 | | ESENT | 642: DllHost (3428,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:04:49 | | ESENT | 642: DllHost (3428,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:14:22 | | ESENT | 642: svchost (8464,D,35) Unistore: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:14:22 | | ESENT | 642: svchost (8464,D,35) Unistore: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | None | 2020-10-29 10:20:39 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Warning | 1 | 2020-10-29 10:21:29 | | ESENT | 642: Catalog Database (2172,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:21:29 | | ESENT | 642: Catalog Database (2172,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 10:22:00 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007267C Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
|
| | Application | Warning | 1 | 2020-10-29 10:22:00 | | ESENT | 642: MicrosoftEdge (6312,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:00 | | ESENT | 642: MicrosoftEdge (6312,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:19 | | ESENT | 642: Catalog Database (3384,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:19 | | ESENT | 642: Catalog Database (3384,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 10:22:50 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Warning | 1 | 2020-10-29 10:22:52 | | ESENT | 642: Catalog Database (3384,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:52 | | ESENT | 642: Catalog Database (3384,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:52 | | ESENT | 642: Catalog Database (3384,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:52 | | ESENT | 642: Catalog Database (3384,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 10:22:58 | | ESENT | 642: Catalog Database (3384,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 10:26:31 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Error | None | 2020-10-29 10:26:41 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Warning | 1 | 2020-10-29 10:32:56 | | ESENT | 642: DllHost (4844,D,35) WebCacheLocal: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 10:32:56 | | ESENT | 642: DllHost (4844,D,35) WebCacheLocal: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\explorer.exe' (pid 3700) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe' (pid 5832) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe' (pid 7140) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe' (pid 7432) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\System32\SystemSettingsBroker.exe' (pid 7776) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-29 10:33:20 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\System32\Taskmgr.exe' (pid 8164) cannot be restarted - 1.
|
| | Application | Error | None | 2020-10-29 11:00:36 | | Steam Client Service | 1: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
|
| | Application | Warning | 1 | 2020-10-29 11:09:59 | | ESENT | 642: DllHost (6812,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 11:09:59 | | ESENT | 642: DllHost (6812,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 11:09:59 | | ESENT | 642: DllHost (6812,D,35) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 11:09:59 | | ESENT | 642: DllHost (6812,D,35) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | 100 | 2020-10-29 21:05:45 | | Application Error | 1000: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x1ec08aff Faulting module name: KERNELBASE.dll, version: 10.0.19041.207, time stamp: 0x746c1866 Exception code: 0xc000027b Fault offset: 0x000000000010b37c Faulting process id: 0x15a4 Faulting application start time: 0x01d6adcc9293dfe7 Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 70adb7fa-6a8a-4542-9cb8-f653eac81fbe Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App
|
| | Application | Warning | 1 | 2020-10-29 21:13:36 | | ESENT | 642: MicrosoftEdge (7520,D,50) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:13:36 | | ESENT | 642: MicrosoftEdge (7520,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:13:54 | | ESENT | 642: DllHost (6812,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:13:54 | | ESENT | 642: DllHost (6812,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,R,98) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,R,98) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:19 | | ESENT | 642: Catalog Database (4600,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 21:25:27 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Warning | 1 | 2020-10-29 21:25:38 | | ESENT | 642: MicrosoftEdge (9196,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:25:38 | | ESENT | 642: MicrosoftEdge (9196,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 21:25:39 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
|
| | Application | Warning | 1 | 2020-10-29 21:27:58 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:27:58 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:28:00 | | ESENT | 642: MicrosoftEdge (8316,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:28:00 | | ESENT | 642: MicrosoftEdge (8316,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 21:29:02 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
|
| | Application | Error | None | 2020-10-29 21:36:50 | | VSS | 8194: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {ff9b6e35-5568-44a5-a28f-6880d188ce81}
|
| | Application | Warning | 1 | 2020-10-29 21:36:56 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:36:56 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-10-29 21:37:04 | sekanato | Microsoft-Windows-PerfProc | 2002: Unable to open the job object \BaseNamedObjects\WmiProviderSubSystemHostJob for query access. The calling process may not have permission to open this job. The first four bytes (DWORD) of the Data section contains the status code.
|
| | Application | Warning | 1 | 2020-10-29 21:40:58 | | ESENT | 642: DllHost (10628,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:40:58 | | ESENT | 642: DllHost (10628,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:40:59 | | ESENT | 642: DllHost (10628,D,35) Internet_NOEDP_EDGE_IDB: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:40:59 | | ESENT | 642: DllHost (10628,D,35) Internet_NOEDP_EDGE_IDB: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 21:43:23 | | ESENT | 642: Catalog Database (4776,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:43:23 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:43:23 | | ESENT | 642: Catalog Database (4776,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:43:23 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 21:43:23 | | ESENT | 642: Catalog Database (4776,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-10-29 21:48:02 | | Steam Client Service | 2: Warning: Updated file "secure_desktop_capture.exe" from version 0x0000000000000000 to version 0x000600100022002e.
|
| | Application | Warning | None | 2020-10-29 21:48:02 | | Steam Client Service | 2: Warning: Updated file "drivers.exe" from version 0x0000000000000000 to version 0x0006000000340023.
|
| | Application | Warning | None | 2020-10-29 21:48:02 | | Steam Client Service | 2: Warning: Updated file "SteamService.dll" from version 0x0000000000000000 to version 0x000600100022002e.
|
| | Application | Warning | None | 2020-10-29 21:48:26 | | Software Protection Platform Service | 1029: Unable to get detailed error information during license consumption. Last error 0xC004F015.
|
| | Application | Warning | 1 | 2020-10-29 22:12:06 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 22:12:06 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 22:12:08 | | ESENT | 642: Catalog Database (4776,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 22:12:08 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 22:12:08 | | ESENT | 642: Catalog Database (4776,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 22:12:08 | | ESENT | 642: Catalog Database (4776,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:04:37 | | ESENT | 642: Catalog Database (5256,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:04:37 | | ESENT | 642: Catalog Database (5256,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:05:28 | | ESENT | 642: MicrosoftEdge (1352,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:05:28 | | ESENT | 642: MicrosoftEdge (1352,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:03 | | ESENT | 642: Catalog Database (5256,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:03 | | ESENT | 642: Catalog Database (5256,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:03 | | ESENT | 642: Catalog Database (5256,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:03 | | ESENT | 642: Catalog Database (5256,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:05 | | ESENT | 642: Catalog Database (5256,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-29 23:09:20 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Warning | 1 | 2020-10-29 23:09:46 | | ESENT | 642: Catalog Database (4192,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:09:46 | | ESENT | 642: Catalog Database (4192,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:10:36 | | ESENT | 642: MicrosoftEdge (9392,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:10:36 | | ESENT | 642: MicrosoftEdge (9392,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:15:18 | | ESENT | 642: DllHost (6744,D,35) WebPlatStorage: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 23:15:18 | | ESENT | 642: DllHost (6744,D,35) WebPlatStorage: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-29 23:52:16 | | ESENT | 642: Catalog Database (4192,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:52:16 | | ESENT | 642: Catalog Database (4192,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:52:16 | | ESENT | 642: Catalog Database (4192,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:52:16 | | ESENT | 642: Catalog Database (4192,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-29 23:52:16 | | ESENT | 642: Catalog Database (4192,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-30 02:09:27 | sekanato | MsiInstaller | 11925: Product: RefreshRateService -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.
|
| | Application | Warning | 1 | 2020-10-30 02:25:12 | | ESENT | 642: Catalog Database (5436,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:25:12 | | ESENT | 642: Catalog Database (5436,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:26:02 | | ESENT | 642: MicrosoftEdge (13492,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:26:02 | | ESENT | 642: MicrosoftEdge (13492,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:33:59 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:33:59 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:46:20 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:46:20 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:54:18 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:54:18 | | ESENT | 642: Catalog Database (5416,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:58:06 | | ESENT | 642: MicrosoftEdge (13972,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 02:58:06 | | ESENT | 642: MicrosoftEdge (13972,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | 100 | 2020-10-30 03:29:10 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.207, time stamp: 0xae908b72 Exception code: 0xc0020001 Fault offset: 0x00129862 Faulting process id: 0x2e10 Faulting application start time: 0x01d6ae545f591fde Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 964afd2c-28bb-4433-8a4b-d1b4186cb5d7 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Error | 100 | 2020-10-30 03:29:12 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.207, time stamp: 0xae908b72 Exception code: 0xc000041d Fault offset: 0x00129862 Faulting process id: 0x2e10 Faulting application start time: 0x01d6ae545f591fde Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 4ee1d793-7176-4435-b063-9c5e61a8fbb0 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Warning | 1 | 2020-10-30 03:29:56 | | ESENT | 642: Catalog Database (4540,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:29:56 | | ESENT | 642: Catalog Database (4540,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:30:46 | | ESENT | 642: MicrosoftEdge (3112,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:30:46 | | ESENT | 642: MicrosoftEdge (3112,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:34:54 | | ESENT | 642: Catalog Database (4540,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:34:54 | | ESENT | 642: Catalog Database (4540,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:48:43 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:48:43 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:49:34 | | ESENT | 642: MicrosoftEdge (2348,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 03:49:34 | | ESENT | 642: MicrosoftEdge (2348,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:11:33 | | ESENT | 642: MicrosoftEdge (4672,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:11:33 | | ESENT | 642: MicrosoftEdge (4672,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-30 04:11:47 | SYSTEM | Microsoft-Windows-RestartManager | 10007: Application or service 'ROG Live Service' could not be restarted.
|
| | Application | Warning | 1 | 2020-10-30 04:15:14 | | ESENT | 642: Catalog Database (4720,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:15:14 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:15:14 | | ESENT | 642: Catalog Database (4720,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:15:14 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:15:14 | | ESENT | 642: Catalog Database (4720,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-10-30 04:21:34 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe' (pid 2396) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-30 04:21:34 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe' (pid 10176) cannot be restarted - 1.
|
| | Application | Warning | 1 | 2020-10-30 04:21:47 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:47 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:49 | | ESENT | 642: Catalog Database (4720,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:49 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:49 | | ESENT | 642: Catalog Database (4720,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:49 | | ESENT | 642: Catalog Database (4720,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 04:21:49 | | ESENT | 642: Catalog Database (4720,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-30 05:04:49 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Error | None | 2020-10-30 05:04:49 | | VSS | 8193: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . ?
|
| | Application | Error | None | 2020-10-30 05:05:19 | | Microsoft-Windows-CAPI2 | 257: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,35) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,35) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:05:19 | | ESENT | 642: Catalog Database (3832,D,40) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | None | 2020-10-30 05:05:36 | SYSTEM | Microsoft-Windows-WMI | 63: A provider, DMWmiBridgeProv1, has been registered in the Windows Management Instrumentation namespace root\cimv2\mdm\dmmap to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
|
| | Application | Warning | 1 | 2020-10-30 05:07:17 | | Windows Search Service | 1008: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Version Upgrade}.
|
| | Application | Warning | 1 | 2020-10-30 05:07:17 | | ESENT | 642: SearchIndexer (10080,D,35) Windows: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-30 05:07:17 | | ESENT | 642: SearchIndexer (10080,D,35) Windows: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-30 05:08:09 | | ESENT | 642: MicrosoftEdge (2800,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:08:09 | | ESENT | 642: MicrosoftEdge (2800,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:08:09 | | ESENT | 642: MicrosoftEdge (2800,D,46) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 05:08:09 | | ESENT | 642: MicrosoftEdge (2800,D,46) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | 100 | 2020-10-30 05:10:58 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d Exception code: 0xc0020001 Fault offset: 0x00129ab2 Faulting process id: 0x2170 Faulting application start time: 0x01d6ae69bdc436df Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 1d7ca418-1b9a-4a57-8fe5-13fa8d4011ff Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Warning | 1 | 2020-10-30 22:43:22 | | ESENT | 642: Catalog Database (4876,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 22:43:22 | | ESENT | 642: Catalog Database (4876,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 22:44:12 | | ESENT | 642: MicrosoftEdge (12976,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-30 22:44:13 | | ESENT | 642: MicrosoftEdge (12976,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-10-30 22:48:45 | | Firefox Default Browser Agent | 0:
|
| | Application | Error | None | 2020-10-30 22:48:45 | | Firefox Default Browser Agent | 12007:
|
| | Application | Error | None | 2020-10-30 23:59:15 | | .NET Runtime | 1026: Application: ArmourySwAgent.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0020001, exception address 776D9AB2 Stack: at ArmourySwAgent.MessageReceiver.DefWindowProcW(IntPtr, UInt32, IntPtr, IntPtr) at ArmourySwAgent.MessageReceiver.CustomWndProc(IntPtr, UInt32, IntPtr, IntPtr)
|
| | Application | Error | 100 | 2020-10-30 23:59:16 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d Exception code: 0xc0020001 Fault offset: 0x00129ab2 Faulting process id: 0x2cc0 Faulting application start time: 0x01d6aefd5f7defaf Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: a3e7f1f4-c92c-4e20-9a1e-512fffeaaa09 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Error | 100 | 2020-10-30 23:59:17 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d Exception code: 0xc000041d Fault offset: 0x00129ab2 Faulting process id: 0x2cc0 Faulting application start time: 0x01d6aefd5f7defaf Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: f08f5325-1326-4273-8b60-52876bc337ba Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Warning | 1 | 2020-10-31 01:53:40 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 01:53:40 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 01:53:49 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 01:53:49 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 01:54:51 | | ESENT | 642: MicrosoftEdge (13848,R,98) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 01:54:51 | | ESENT | 642: MicrosoftEdge (13848,D,12) C:\Users\sekanato\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:27 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:27 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:34 | | ESENT | 642: Catalog Database (4848,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:34 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:34 | | ESENT | 642: Catalog Database (4848,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:34 | | ESENT | 642: Catalog Database (4848,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:26:34 | | ESENT | 642: Catalog Database (4848,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-10-31 02:26:37 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\System32\ASUSACCI\ArmouryCrateKeyControl.exe' (pid 9120) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-31 02:26:37 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe' (pid 8288) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-31 02:26:37 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe' (pid 1960) cannot be restarted - 1.
|
| | Application | Warning | None | 2020-10-31 02:26:37 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_34ba03d292044348\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe' (pid 2272) cannot be restarted - 1.
|
| | Application | Error | None | 2020-10-31 02:27:48 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Error | None | 2020-10-31 02:27:48 | | VSS | 8193: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . ?
|
| | Application | Warning | 1 | 2020-10-31 02:28:15 | | ESENT | 642: Catalog Database (4320,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:28:15 | | ESENT | 642: Catalog Database (4320,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:28:48 | | ESENT | 642: msedge (12608,R,98) EdgeDataImporter: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-31 02:29:56 | | ESENT | 642: msedge (2140,R,98) EdgeDataImporter: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-31 02:48:38 | | ESENT | 642: Catalog Database (4320,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:48:38 | | ESENT | 642: Catalog Database (4320,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:48:38 | | ESENT | 642: Catalog Database (4320,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:48:38 | | ESENT | 642: Catalog Database (4320,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 02:48:38 | | ESENT | 642: Catalog Database (4320,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 03:00:08 | | ESENT | 642: svchost (2344,D,35) DS_Token_DB: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Warning | 1 | 2020-10-31 03:00:08 | | ESENT | 642: svchost (2344,D,35) DS_Token_DB: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x40000001 (JET_efvUseEngineDefault).
|
| | Application | Error | 100 | 2020-10-31 03:37:55 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d Exception code: 0xc0020001 Fault offset: 0x00129ab2 Faulting process id: 0x2104 Faulting application start time: 0x01d6af1cc7289553 Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: 757248e5-a47b-40b5-a237-a52739bd3936 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Error | 100 | 2020-10-31 03:37:57 | | Application Error | 1000: Faulting application name: ArmourySwAgent.exe, version: 1.0.0.13, time stamp: 0x5f7c2bb8 Faulting module name: KERNELBASE.dll, version: 10.0.19041.572, time stamp: 0x979ddb1d Exception code: 0xc000041d Fault offset: 0x00129ab2 Faulting process id: 0x2104 Faulting application start time: 0x01d6af1cc7289553 Faulting application path: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe Faulting module path: C:\Windows\System32\KERNELBASE.dll Report Id: b787d040-15ce-4303-bb01-0b7c9c242d95 Faulting package full name: ? Faulting package-relative application ID: ?
|
| | Application | Warning | 1 | 2020-10-31 17:49:49 | | ESENT | 642: Catalog Database (4348,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-10-31 17:49:49 | | ESENT | 642: Catalog Database (4348,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-01 20:31:05 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-01 20:31:05 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-11-01 20:41:15 | SYSTEM | Microsoft-Windows-RestartManager | 10010: Application 'C:\Windows\System32\fontdrvhost.exe' (pid 1656) cannot be restarted - 1.
|
| | Application | Warning | 1 | 2020-11-01 20:42:19 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-01 20:42:19 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-11-02 05:17:52 | sekanato | Microsoft-Windows-PerfProc | 2002: Unable to open the job object \BaseNamedObjects\WmiProviderSubSystemHostJob for query access. The calling process may not have permission to open this job. The first four bytes (DWORD) of the Data section contains the status code.
|
| | Application | Warning | 1 | 2020-11-02 05:39:54 | | ESENT | 642: Video.UI (10048,D,35) {84C9DBAD-8BF2-4F86-99FE-CCBC41E0B68D}: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:39:54 | | ESENT | 642: Video.UI (10048,D,35) {84C9DBAD-8BF2-4F86-99FE-CCBC41E0B68D}: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:39:54 | | ESENT | 642: Video.UI (10048,D,60) {84C9DBAD-8BF2-4F86-99FE-CCBC41E0B68D}: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:39:54 | | ESENT | 642: Video.UI (10048,D,2) {84C9DBAD-8BF2-4F86-99FE-CCBC41E0B68D}: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:39:54 | | ESENT | 642: Video.UI (10048,D,2) {84C9DBAD-8BF2-4F86-99FE-CCBC41E0B68D}: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:49:52 | | ESENT | 642: Catalog Database (4496,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:49:52 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:49:52 | | ESENT | 642: Catalog Database (4496,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 05:49:52 | | ESENT | 642: Catalog Database (4496,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 06:24:22 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 06:24:22 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | None | 2020-11-02 06:25:52 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Error | None | 2020-11-02 06:25:52 | | VSS | 8193: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . ?
|
| | Application | Warning | 1 | 2020-11-02 16:40:25 | | ESENT | 642: Catalog Database (5224,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:40:25 | | ESENT | 642: Catalog Database (5224,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:40:56 | | ESENT | 642: Catalog Database (5224,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:40:56 | | ESENT | 642: Catalog Database (5224,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:40:56 | | ESENT | 642: Catalog Database (5224,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:40:56 | | ESENT | 642: Catalog Database (5224,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-02 16:41:11 | | ESENT | 642: Catalog Database (5224,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Error | 100 | 2020-11-02 23:12:12 | | Application Error | 1000: Faulting application name: DllHost.exe, version: 10.0.19041.546, time stamp: 0xb850de5d Faulting module name: combase.dll, version: 10.0.19041.572, time stamp: 0x3dacb7ed Exception code: 0xc0000005 Fault offset: 0x000aa772 Faulting process id: 0x10a0 Faulting application start time: 0x01d6b130dc72eff5 Faulting application path: C:\Windows\SysWOW64\DllHost.exe Faulting module path: C:\Windows\System32\combase.dll Report Id: fa944b0e-83ca-4488-8d01-d283c7261b61 Faulting package full name: Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c Faulting package-relative application ID: App
|
| | Application | Error | None | 2020-11-02 23:44:31 | | VSS | 13: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] ?
|
| | Application | Error | None | 2020-11-02 23:44:31 | | VSS | 8193: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . ?
|
| | Application | Warning | 1 | 2020-11-03 13:58:49 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 13:58:49 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 14:02:49 | | ESENT | 642: Catalog Database (4248,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 14:02:49 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 14:02:49 | | ESENT | 642: Catalog Database (4248,D,50) Catalog Database: The database format feature version 9180 (0x23dc) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 14:02:49 | | ESENT | 642: Catalog Database (4248,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 14:02:49 | | ESENT | 642: Catalog Database (4248,D,22) Catalog Database: The database format feature version 9120 (0x23a0) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | None | 2020-11-03 14:05:42 | | Outlook | 55: Calendar Folder New Download
|
| | Application | Warning | None | 2020-11-03 14:06:01 | | Outlook | 25: Outlook is setting up a local copy of your mailbox. It may be several minutes until all of your data is available.
|
| | Application | Warning | 1 | 2020-11-03 16:35:38 | | ESENT | 642: Catalog Database (5268,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Application | Warning | 1 | 2020-11-03 16:35:38 | | ESENT | 642: Catalog Database (5268,D,12) Catalog Database: The database format feature version 9080 (0x2378) could not be used due to the current database format 1568.20.0, controlled by the parameter 0x410022D8 (8920 | JET_efvAllowHigherPersistedFormat).
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ru\WindowsFormsIntegration.resources.dll Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\Microsoft.Build.Conversion.v3.5.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\Microsoft.Build.Engine.resources.dll Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\Microsoft.Build.Utilities.v3.5.resources.dll Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.DataSetExtensions.Resources.dll Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Entity.Design.Resources.dll Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Entity.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Linq.Resources.dll Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Services.Client.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Services.Design.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Data.Services.resources.dll Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Management.Instrumentation.Resources.dll Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Net.Resources.dll Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Web.Entity.Design.Resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Web.Entity.Resources.dll Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Windows.Presentation.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ru\System.Xml.Linq.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\ru-RU\ImagingDevices.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\ru-RU\PhotoAcq.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ru-RU\resource.xml Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ru-RU\resource.xml Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\ru-RU\confident.cov Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\ru-RU\fyi.cov Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\ru-RU\generic.cov Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\ru-RU\urgent.cov Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\ru-RU\WelcomeFax.tif Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\ru-RU\AcRes.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\PCAT\ru-RU\bootfix.bin Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Resources\ru-RU\bootres.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Branding\Basebrd\ru-RU\basebrd.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\ru-RU Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\scheduled\Maintenance\ru-RU\DiagPackage.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\ru-RU Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Apps\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\ru-RU Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Audio\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\ru-RU Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\BITS\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Bluetooth\ru-RU Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Bluetooth\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Bluetooth\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\ru-RU Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Device\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\ru-RU Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\DeviceCenter\ru-RU\DiagPackage.dll.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\IEBrowseWeb_TroubleShooter.psd1 Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\RS_DisableAddon.psd1 Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\RS_DisableAddonLoadingTime.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\RS_ResetCacheSize.psd1 Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\RS_Resetpagesyncpolicy.psd1 Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IEBrowseWeb\ru-RU\RS_RestoreIEconnection.psd1 Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU\DiagPackage.dll.mui Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU\IESecurity_TroubleShooter.psd1 Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU\RS_Blockpopups.psd1 Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU\RS_IESecuritylevels.psd1 Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\IESecurity\ru-RU\RS_PhishingFilter.psd1 Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Keyboard\ru-RU Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Keyboard\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Keyboard\ru-RU\DiagPackage.dll.mui Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\ru-RU Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\ru-RU\DiagPackage.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Networking\ru-RU\LocalizationData.psd1 Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\ru-RU Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\PCW\ru-RU\DiagPackage.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\DiagPackage.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\Power_Troubleshooter.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_AdjustDimDisplay.psd1 Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_AdjustScreenBrightness.psd1 Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_Adjustwirelessadaptersettings.psd1 Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_Balanced.psd1 Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_ChangeProcessorState.psd1 Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_DisableScreensaver.psd1 Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_DisableUSBSelective.psd1 Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_ResetDisplayIdleTimeout.psd1 Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_ResetIdleDiskTimeout.psd1 Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Power\ru-RU\RS_ResetIdleSleepsetting.psd1 Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\ru-RU Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\ru-RU\CL_LocalizationData.psd1 Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Printer\ru-RU\DiagPackage.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\ru-RU Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Search\ru-RU\DiagPackage.dll.mui Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Speech\ru-RU Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Speech\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Speech\ru-RU\DiagPackage.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\ru-RU Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\Video\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\ru-RU Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\ru-RU\DiagPackage.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\ru-RU Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerMediaLibrary\ru-RU\DiagPackage.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\ru-RU Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\ru-RU\CL_LocalizationData.psd1 Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsMediaPlayerPlayDVD\ru-RU\DiagPackage.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\ru-RU Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\ru-RU\CL_LocalizationData.psd1 Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\diagnostics\system\WindowsUpdate\ru-RU\DiagPackage.dll.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\cliconf.chm Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\mmc.CHM Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\msdasc.chm Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\msorcl32.chm Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\odbcinst.chm Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\odbcjet.chm Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\sqlsodbc.chm Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Help\mui\0419\sqlsoldb.chm Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\IME\ru-RU\SpTip.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\pris\resources.ru-RU.pri Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\ru-RU Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\ru-RU\SystemSettings.exe.mui Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET CLR Data\0419\_DataPerfCounters_d.ini Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET CLR Networking\0419\_Networkingperfcounters_v2_d.ini Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET CLR Networking 4.0.0.0\0419\_Networkingperfcounters_d.ini Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET Data Provider for Oracle\0419\_DataOracleClientPerfCounters_shared12_neutral_d.ini Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET Data Provider for SqlServer\0419\_dataperfcounters_shared12_neutral_d.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NET Memory Cache 4.0\0419\netmemorycache_d.ini Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\.NETFramework\0419\corperfmonsymbols_d.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\BITS\0419\bitsctrs.ini Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\ESENT\0419\esentprf.ini Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\LSM\0419\lagcounterdef.ini Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\MSDTC\0419\msdtcprf.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\MSDTC Bridge 3.0.0.0\0419\_TransactionBridgePerfCounters_D.ini Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\MSDTC Bridge 4.0.0.0\0419\_TransactionBridgePerfCounters_d.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\rdyboost\0419\ReadyBoostPerfCounters.ini Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\RemoteAccess\0419\rasctrs.ini Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\ServiceModelEndpoint 3.0.0.0\0419\_ServiceModelEndpointPerfCounters_D.ini Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\ServiceModelOperation 3.0.0.0\0419\_ServiceModelOperationPerfCounters_D.ini Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\ServiceModelService 3.0.0.0\0419\_ServiceModelServicePerfCounters_D.ini Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\SMSvcHost 3.0.0.0\0419\_SMSvcHostPerfCounters_D.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\SMSvcHost 4.0.0.0\0419\_SMSvcHostPerfCounters_d.ini Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\TAPISRV\0419 Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\TAPISRV\0419\tapiperf.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\TermService\0419\tslabels.ini Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\UGatherer\0419\gsrvctr.ini Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\UGTHRSVC\0419\gthrctr.ini Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\usbhub\0419\usbperf.ini Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\Windows Workflow Foundation 3.0.0.0\0419\PerfCounters_D.ini Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\Windows Workflow Foundation 4.0.0.0\0419\PerfCounters_d.ini Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\wsearchidxpi\0419\idxcntrs.ini Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\1049\alinkui.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\1049\cscompui.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\1049\CvtResUI.dll Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\1049\vbc7ui.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\1049\Vsavb7rtUI.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\GAC\RU\Microsoft.VisualBasic.Compatibility.Data.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\GAC\RU\Microsoft.VisualBasic.Compatibility.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MUI\0419\mscorsecr.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\aspnet_compiler.resources.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\aspnet_rc.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\aspnet_regbrowsers.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\aspnet_regsql.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\aspnetmmcext.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\caspol.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\InstallUtil.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\JSC.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Microsoft.Build.Engine.resources.dll Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Microsoft.Build.Tasks.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Microsoft.Build.Utilities.Resources.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Microsoft.JScript.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Microsoft.VisualBasic.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\MSBuild.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\mscorlib.resources.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\mscorrc.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\Regasm.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\ShFusRes.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\sysglobl.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Configuration.Install.resources.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Configuration.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Data.OracleClient.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Data.resources.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\system.data.sqlxml.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Deployment.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Design.resources.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.DirectoryServices.Protocols.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.DirectoryServices.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Drawing.Design.resources.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Drawing.resources.dll Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.EnterpriseServices.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Management.resources.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Messaging.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\system.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Runtime.Remoting.resources.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Runtime.Serialization.Formatters.Soap.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Security.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.ServiceProcess.resources.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Transactions.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Web.Mobile.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Web.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Web.Services.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.Windows.Forms.resources.dll Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ru\System.xml.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\ru\PresentationUI.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\ru-RU\PresentationHostDLL.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\1049\cscompui.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\1049\vbc7ui.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\ru\DataSvcUtil.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\ru\EdmGen.Resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\ru\Microsoft.Build.Tasks.v3.5.resources.dll Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\ru\Microsoft.Data.Entity.Build.Tasks.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.5\ru\MSBuild.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\alinkui.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\clretwrc.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\cscui.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\CvtResUI.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\dv_aspnetmmc.chm Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\FileTrackerUI.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\Microsoft.VisualBasic.Activities.CompilerUI.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\mscoreeis.dll Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\mscorees.dll Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\mscorsecr.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\1049\vbc7ui.dll Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\AppConfigCommon.ru.resx Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_GlobalResources\GlobalResources.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\default.aspx.ru.resx Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\error.aspx.ru.resx Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home0.aspx.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home1.aspx.ru.resx Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\home2.aspx.ru.resx Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\navigationBar.ascx.ru.resx Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp.aspx.ru.resx Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Application.aspx.ru.resx Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Internals.aspx.ru.resx Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Provider.aspx.ru.resx Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\App_LocalResources\WebAdminHelp_Security.aspx.ru.resx Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppConfigHome.aspx.ru.resx Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppSetting.ascx.ru.resx Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\CreateAppSetting.aspx.ru.resx Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DebugAndTrace.aspx.ru.resx Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DefineErrorPage.aspx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\EditAppSetting.aspx.ru.resx Handle ID: 0xb794 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\ManageAppSettings.aspx.ru.resx Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\SmtpSettings.aspx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\chooseProviderManagement.aspx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageconsolidatedProviders.aspx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\manageProviders.aspx.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Providers\App_LocalResources\providerList.ascx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security.aspx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\security0.aspx.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\App_LocalResources\setUpAuthentication.aspx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\createPermission.aspx.ru.resx Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\App_LocalResources\managePermissions.aspx.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageAllRoles.aspx.ru.resx Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageSingleRole.aspx.ru.resx Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\addUser.aspx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\editUser.aspx.ru.resx Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\findUsers.aspx.ru.resx Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\manageUsers.aspx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\confirmation.ascx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizard.aspx.ru.resx Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAddUser.ascx.ru.resx Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardAuthentication.ascx.ru.resx Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardCreateRoles.ascx.ru.resx Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardFinish.ascx.ru.resx Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardInit.ascx.ru.resx Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardPermission.ascx.ru.resx Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\App_LocalResources\wizardProviderInfo.ascx.ru.resx Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\AddInUtil.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet.mfl Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet.mfl.uninstall Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet_compiler.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet_rc.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet_regbrowsers.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\aspnet_regsql.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\caspol.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\ComSvcConfig.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\CustomMarshalers.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\DataSvcUtil.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\EdmGen.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\InstallUtil.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\JSC.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Activities.Build.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Build.Conversion.v4.0.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Build.Engine.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Build.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Build.Tasks.v4.0.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Build.Utilities.v4.0.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.CSharp.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Data.Entity.Build.Tasks.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.JScript.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Transactions.Bridge.Dtc.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Transactions.Bridge.resources.dll Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.VisualBasic.Compatibility.Data.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.VisualBasic.Compatibility.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.VisualBasic.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Microsoft.Workflow.Compiler.resources.dll Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\MSBuild.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\mscorlib.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\mscorrc.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\Regasm.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\SMDiagnostics.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\SMSvcHost.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\sysglobl.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Activities.Core.Presentation.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Activities.DurableInstancing.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Activities.Presentation.resources.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Activities.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.AddIn.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ComponentModel.Composition.Registration.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ComponentModel.Composition.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ComponentModel.DataAnnotations.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Configuration.Install.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Configuration.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Core.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.DataSetExtensions.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Entity.Design.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Entity.resources.dll Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Linq.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.OracleClient.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Services.Client.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Services.Design.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Data.Services.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\system.data.sqlxml.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Deployment.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Design.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Device.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.DirectoryServices.AccountManagement.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.DirectoryServices.Protocols.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.DirectoryServices.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Drawing.Design.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Drawing.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Dynamic.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.EnterpriseServices.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IdentityModel.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IdentityModel.Selectors.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IdentityModel.Services.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IO.Compression.FileSystem.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IO.Compression.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.IO.Log.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Management.Instrumentation.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Management.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Messaging.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Net.Http.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Net.Http.WebRequest.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Net.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Numerics.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Numerics.Vectors.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Reflection.Context.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.Caching.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.DurableInstancing.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.Remoting.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.Serialization.Formatters.Soap.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.RunTime.Serialization.resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.WindowsRuntime.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Runtime.WindowsRuntime.UI.Xaml.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Security.resources.dll Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Activation.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Activities.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Channels.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Discovery.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Internals.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Routing.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceModel.Web.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.ServiceProcess.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Transactions.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Abstractions.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.ApplicationServices.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.DataVisualization.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.DynamicData.Design.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.DynamicData.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Entity.Design.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Entity.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Extensions.Design.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Extensions.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Mobile.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Routing.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Web.Services.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Windows.Forms.DataVisualization.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Windows.Forms.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Workflow.Activities.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Workflow.ComponentModel.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Workflow.Runtime.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.WorkflowServices.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Xaml.Hosting.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Xaml.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.Xml.Linq.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\System.xml.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\WsatConfig.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\XamlBuildTask.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru\XsdBuildTask.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\Microsoft.Windows.ApplicationServer.Applications.dll.mui Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\ServiceModelEvents.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\ServiceModelInstallRC.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\ServiceModelPerformanceCounters.dll.mui Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\ServiceModelRegUI.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ru-RU\WorkflowServiceHostPerformanceCounters.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\DropSqlPersistenceProviderLogic.sql Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\DropSqlPersistenceProviderSchema.sql Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\DropSqlWorkflowInstanceStoreLogic.sql Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\DropSqlWorkflowInstanceStoreSchema.sql Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlPersistenceProviderLogic.sql Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlPersistenceProviderSchema.sql Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlPersistenceService_Logic.sql Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlPersistenceService_Schema.sql Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlWorkflowInstanceStoreLogic.sql Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlWorkflowInstanceStoreSchema.sql Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\SqlWorkflowInstanceStoreSchemaUpgrade.sql Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\Tracking_Logic.sql Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ru\Tracking_Schema.sql Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\PresentationBuildTasks.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\PresentationCore.resources.dll Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\PresentationFramework.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\PresentationUI.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\ReachFramework.resources.dll Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\System.Printing.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\System.Speech.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\System.Windows.Controls.Ribbon.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\System.Windows.Input.Manipulations.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\System.Windows.Presentation.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\UIAutomationClient.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\UIAutomationClientsideProviders.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\UIAutomationProvider.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\UIAutomationTypes.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\WindowsBase.resources.dll Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru\WindowsFormsIntegration.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ru-RU\PresentationHost_v0400.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1049\alinkui.dll Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1049\cscompui.dll Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1049\CvtResUI.dll Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1049\vbc7ui.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MUI\0419\mscorsecr.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\aspnet_compiler.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\aspnet_rc.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\aspnet_regbrowsers.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\aspnet_regsql.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\aspnetmmcext.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\caspol.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\InstallUtil.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\JSC.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Microsoft.Build.Engine.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Microsoft.Build.Tasks.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Microsoft.Build.Utilities.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Microsoft.JScript.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Microsoft.VisualBasic.Resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\MSBuild.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\mscorlib.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\mscorrc.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\Regasm.resources.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\ShFusRes.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\sysglobl.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Configuration.Install.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Configuration.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Data.OracleClient.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Data.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\system.data.sqlxml.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Deployment.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Design.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.DirectoryServices.Protocols.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.DirectoryServices.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Drawing.Design.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Drawing.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.EnterpriseServices.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Management.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Messaging.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\system.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Runtime.Remoting.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Runtime.Serialization.Formatters.Soap.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Security.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.ServiceProcess.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Transactions.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Web.Mobile.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Web.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Web.Services.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.Windows.Forms.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ru\System.xml.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\ComSvcConfig.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\Microsoft.Transactions.Bridge.Dtc.Resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\Microsoft.Transactions.Bridge.Resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\ServiceModelReg.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\SMDiagnostics.resources.dll Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\SMSvcHost.resources.dll Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\System.ServiceModel.Install.Resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru\WsatConfig.resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru-RU\ServiceModelEvents.dll.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ru-RU\ServiceModelInstallRC.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ru\PresentationUI.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\ru-RU\PresentationHostDLL.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\1049\cscompui.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\1049\vbc7ui.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\ru\DataSvcUtil.resources.dll Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\ru\EdmGen.Resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\ru\Microsoft.Build.Tasks.v3.5.resources.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\ru\Microsoft.Data.Entity.Build.Tasks.Resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.5\ru\MSBuild.resources.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\alinkui.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\clretwrc.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\cscui.dll Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\CvtResUI.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\FileTrackerUI.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\Microsoft.VisualBasic.Activities.CompilerUI.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\mscoreeis.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\mscorees.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\mscorsecr.dll Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1049\vbc7ui.dll Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru\aspnet_rc.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru\mscorrc.dll Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\Microsoft.Windows.ApplicationServer.Applications.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\ServiceModelEvents.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\ServiceModelInstallRC.dll.mui Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\ServiceModelPerformanceCounters.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\ServiceModelRegUI.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ru-RU\WorkflowServiceHostPerformanceCounters.dll.mui Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\ru-RU\PresentationHost_v0400.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Common.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Configuration.xml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.CPU.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Diagnostics.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Disk.xml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Memory.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.NetDiagFramework.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Network.xml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Performance.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Summary.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Wired.xml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Reports\ru-RU\Report.System.Wireless.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Common.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Configuration.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.CPU.xml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Diagnostics.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Disk.xml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Finale.xml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Memory.xml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.NetDiagFramework.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Network.xml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Performance.xml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Summary.xml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Wired.xml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PLA\Rules\ru-RU\Rules.System.Wireless.xml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ActiveXInstallService.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AddRemovePrograms.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AllowBuildPreview.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AppCompat.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AppHVSI.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AppPrivacy.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\appv.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AppxPackageManager.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AppXRuntime.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AttachmentManager.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AuditSettings.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AutoPlay.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\AVSValidationGP.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Biometrics.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Bits.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Camera.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CEIPEnable.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CipherSuiteOrder.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CloudContent.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\COM.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Conf.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ControlPanel.adml Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ControlPanelDisplay.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Cpls.adml Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CredentialProviders.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CredSsp.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CredUI.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CtrlAltDel.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DataCollection.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DCOM.adml Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeliveryOptimization.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Desktop.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeviceCompat.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeviceCredential.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeviceGuard.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeviceInstallation.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DeviceSetup.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DFS.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DigitalLocker.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DiskDiagnostic.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DiskNVCache.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DiskQuota.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Display.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DistributedLinkTracking.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DmaGuard.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DnsClient.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DWM.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EAIME.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EarlyLaunchAM.adml Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EdgeUI.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EncryptFilesonMove.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EnhancedStorage.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ErrorReporting.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EventForwarding.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EventLog.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EventLogging.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\EventViewer.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ExploitGuard.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Explorer.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ExternalBoot.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FeedbackNotifications.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FileHistory.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FileRecovery.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FileRevocation.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FileServerVSSProvider.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FileSys.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FindMy.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FolderRedirection.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\FramePanes.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\fthsvc.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\GameDVR.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Globalization.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\GroupPolicy.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Handwriting.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Help.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\HelpAndSupport.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\hotspotauth.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ICM.adml Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\IIS.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\InetRes.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\InkWatson.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\iSCSI.adml Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\KDC.adml Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Kerberos.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\LanmanServer.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\LanmanWorkstation.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\LeakDiagnostic.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\LinkLayerTopologyDiscovery.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\LocationProviderAdm.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Logon.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MDM.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Messaging.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MicrosoftEdge.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MMC.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MMCSnapins.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MobilePCMobilityCenter.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MobilePCPresentationSettings.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MSAPolicy.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\msched.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MSDT.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Msi-FileRecovery.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\MSI.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\nca.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\NCSI.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Netlogon.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\NetworkConnections.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\NetworkIsolation.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\NetworkProvider.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\OfflineFiles.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\OOBE.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\OSPolicy.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\P2P-pnrp.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Passport.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\pca.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PeerToPeerCaching.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PenTraining.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PerformanceDiagnostics.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PerformancePerftrack.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Power.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PowerShellExecutionPolicy.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PreviousVersions.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Printing.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Printing2.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Programs.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\PushToInstall.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\QOS.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\RacWmiProv.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Radar.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ReAgent.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Reliability.adml Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\RemoteAssistance.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\RemovableStorage.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\RPC.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Scripts.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\sdiageng.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\sdiagschd.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Search.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SearchOCR.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Securitycenter.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Sensors.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ServerManager.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ServiceControlManager.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Servicing.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SettingSync.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Setup.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ShapeCollector.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SharedFolders.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Sharing.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Shell-CommandPrompt-RegEditTools.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\ShellWelcomeCenter.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Sidebar.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SkyDrive.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Smartcard.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SmartScreen.adml Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Snmp.adml Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SoundRec.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Speech.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\srm-fci.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\StartMenu.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\StorageHealth.adml Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\StorageSense.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\SystemRestore.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TabletPCInputPanel.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TabletShell.adml Handle ID: 0xb7ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Taskbar.adml Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TaskScheduler.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\tcpip.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TerminalServer.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TextInput.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Thumbnails.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TouchInput.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\TPM.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\UserExperienceVirtualization.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\UserProfiles.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\VolumeEncryption.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\W32Time.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WCM.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WDI.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WinCal.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Windows.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsAnytimeUpgrade.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsBackup.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsColorSystem.adml Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsConnectNow.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsDefender.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsDefenderSecurityCenter.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsExplorer.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsFileProtection.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsFirewall.adml Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsInkWorkspace.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsMediaDRM.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsMediaPlayer.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsMessenger.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsProducts.adml Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsRemoteManagement.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsRemoteShell.adml Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsStore.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsUpdate.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WinInit.adml Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WinLogon.adml Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WinMaps.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Winsrv.adml Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WirelessDisplay.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\wlansvc.adml Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WordWheel.adml Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WorkFolders-Client.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WorkplaceJoin.adml Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WPN.adml Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\wwansvc.adml Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Resources\Themes\aero\ru-RU\aero.msstyles.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Resources\Themes\aero\ru-RU\aerolite.msstyles.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\bfsvc.exe.mui Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\bootfix.bin Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\explorer.exe.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\helppane.exe.mui Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\hh.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\regedit.exe.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\twain_32.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ru-RU\winhlp32.exe.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\ru-RU\CbsMsg.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\ru-RU\TrustedInstaller.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\ru-RU\winload.efi.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\ru-RU\winload.exe.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\ru-RU\winresume.efi.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\ru-RU\winresume.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Com\ru-RU\comrepl.exe.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Com\ru-RU\MigRegDB.exe.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Configuration\BaseRegistration\ru-RU\BaseResource.Schema.mfl Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Configuration\BaseRegistration\ru-RU\MSFT_DSCMetaConfiguration.mfl Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Configuration\BaseRegistration\ru-RU\MSFT_MetaConfigurationExtensionClasses.Schema.mfl Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Configuration\Registration\MSFT_FileDirectoryConfiguration\ru-RU\MSFT_FileDirectoryConfiguration.Registration.mfl Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Configuration\Schema\MSFT_FileDirectoryConfiguration\ru-RU\MSFT_FileDirectoryConfiguration.Schema.mfl Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\ru-RU\DiagnosticsHub.StandardCollector.ServiceRes.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\AppxProvider.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\AssocProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\CbsProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\DismCore.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\DismProv.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\DmiProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\FfuProvider.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\FolderProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\GenericProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\ImagingProvider.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\IntlProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\LogProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\MsiProvider.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\OfflineSetupProvider.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\OSProvider.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\ProvProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\SetupPlatformProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\SmiProvider.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\TransmogProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\UnattendProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\VhdProvider.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ru-RU\WimProvider.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\acpi.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\afd.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\agilevpn.sys.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ataport.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\bthenum.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\bthport.sys.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\BTHUSB.SYS.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\CAD.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\cdrom.sys.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\cmimcext.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\cxwmbclass.sys.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\disk.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\dmvsc.sys.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\dumpsd.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\EhStorTcgDrv.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\fltmgr.sys.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\fvevol.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\hidbatt.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\hidbth.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\hidclass.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\hnswfpdriver.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\http.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\i8042prt.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\IndirectKmd.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\iorate.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\IPMIDRV.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\isapnp.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\kbdclass.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\kbdhid.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\l2bridge.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\luafv.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\Microsoft.Bluetooth.AvrcpTransport.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\modem.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mouclass.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mouhid.sys.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mountmgr.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mrxsmb.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mshidumdf.sys.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mslldp.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mssecflt.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mssmbios.sys.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\MTConfig.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\mup.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ndis.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ndiscap.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\NdisImPlatform.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ndisuio.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\NdisVirtualBus.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\netvsc.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ntfs.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\nvdimm.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\nwifi.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pacer.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\parport.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\partmgr.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pci.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pcmcia.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pdc.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\PktMon.sys.mui Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pmem.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pnpmem.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\processr.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\pvhdparser.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\qwavedrv.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\rdbss.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\rdpdr.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\rdvgkmd.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\refs.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\refsv1.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\rfxvmt.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\scfilter.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\scmbus.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\sdbus.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\sdstor.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\serial.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\sermouse.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\smbdirect.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\spaceport.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\srv2.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\storqosflt.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\storvsp.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\synth3dvsc.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tcpip.sys.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tpm.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tsusbflt.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tsusbhub.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tunnel.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\usbhub.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\USBHUB3.SYS.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\usbport.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\usbstor.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\USBXHCI.SYS.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vdrvroot.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\VerifierExt.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vhdmp.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vmbus.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vmbusr.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vmstorfl.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\vmswitch.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\volmgr.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\volmgrx.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\volsnap.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\wacompen.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\wdf01000.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\wfplwfs.sys.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\winnat.sys.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\wof.sys.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:05 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\ws2ifsl.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\wudfpf.sys.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\hidscanner.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\idtsec.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\mgtdyn.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\Microsoft.Bluetooth.Profiles.HidOverGatt.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\SensorsCx.dll.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\SensorsHid.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\UsbccidDriver.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\wpdmtpdr.dll.mui Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\ru-RU\WUDFUsbccidDriver.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\1394.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\3ware.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\61883.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\acpi.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\AcpiDev.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\acpipagr.inf_loc Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\acpipmi.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\acpitime.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\adp80xx.inf_loc Handle ID: 0xb78c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\AMDGPIO2.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\AMDI2C.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\amdsata.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\AMDSBS.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\arcsas.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\athw8x.INF_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\AudioEndpoint.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\avc.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\b57nd60a.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\basicdisplay.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\BasicRender.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\battery.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bcmwdidhdpcie.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\btampm.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bth.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\BthLCPen.inf_loc Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\BthLEEnum.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bthmtpenum.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\BthOob.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bthpan.inf_loc Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bthprint.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\bthspp.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\buttonconverter.inf_loc Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_apo.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_camera.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_diskdrive.inf_loc Handle ID: 0xa438 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_display.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_extension.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_firmware.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsactivitymonitor.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsantivirus.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fscfsmetadataserver.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fscompression.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fscontentscreener.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fscontinuousbackup.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fscopyprotection.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsencryption.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fshsm.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsinfrastructure.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsopenfilebackup.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsphysicalquotamgmt.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsquotamgmt.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsreplication.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fssecurityenhancer.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fssystem.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fssystemrecovery.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsundelete.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_fsvirtualization.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_holographic.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_magneticstripereader.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_media.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_monitor.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_net.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_netdriver.inf_loc Handle ID: 0xb790 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_processor.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_proximity.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_scmdisk.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_scmvolume.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_sensor.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_smrdisk.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_smrvolume.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_sslaccel.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_swcomponent.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_swdevice.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_ucm.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\c_volume.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cdrom.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ChargeArbitration.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cht4nulx64.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cht4sx64.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cht4vx64.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\circlass.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cmbatt.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\CompositeBus.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\cpu.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\dc1-controller.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\dc21x4vm.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\DigitalMediaDevice.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\disk.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\display.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\displayoverride.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\e2xw10x64.inf_loc Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\EhStorPwdDrv.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\EhStorTcgDrv.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\fdc.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\flpydisk.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\FusionV2.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\gameport.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\genericusbfn.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hal.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\HalExtIntcLpioDma.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\HalExtPL080.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hdaudbus.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hdaudio.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hdaudss.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidbatt.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidbth.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidbthle.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidcfu.inf_loc Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hiddigi.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidi2c.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidinterrupt.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidir.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidirkbd.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidscanner.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidserv.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidspi_km.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hidvhf.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\hpsamd.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iagpio.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iai2c.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_GPIO2_BXT_P.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_GPIO2_CNL.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_GPIO2_GLK.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_GPIO2_SKL.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_I2C_BXT_P.inf_loc Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_I2C_CNL.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_I2C_GLK.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSS2i_I2C_SKL.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ialpssi_gpio.INF_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iaLPSSi_I2C.INF_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iastorav.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iastorv.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\idtsec.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\image.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\input.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\intelpep.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\intelpmax.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\IntelTA.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ipmidrv.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ipoib6x.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\iscsi.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\itSAS35i.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\kdnic.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\keyboard.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ks.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\kscaptur.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ksfilter.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\lltdio.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\lsi_sas.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\lsi_sas2i.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\lsi_sas3i.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\lsi_sss.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\machine.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mausbhost.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mbtr8897w81x64.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mchgr.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmbtmdm.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmcxpv6.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmgen.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmhayes.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmirmdm.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmusrk1.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mdmvv.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\megasas.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\megasas35i.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\megasr.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\memory.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mf.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mgtdyn.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_a2dp.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_a2dp_snk.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_a2dp_src.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Microsoft_Bluetooth_AvrcpTransport.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_hfp.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_hfp_ag.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\microsoft_bluetooth_hfp_hf.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\miradisp.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mlx4_bus.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\modemcsa.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\monitor.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mrvlpcie8897.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msclmd.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msdv.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msgpiowin32.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mshdc.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msmouse.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msports.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mssmbios.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mstape.inf_loc Handle ID: 0xb7b8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\msux64w10.INF_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\MTConfig.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\multiprt.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mvumis.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\mwlu97w8x64.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ndiscap.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NdisImPlatform.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NdisImPlatformMp.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ndisuio.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NdisVirtualBus.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net1ic64.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net1yx64.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net44amd.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net7400-x64-n650.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net7500-x64-n650f.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net7800-x64-n650f.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NET8185.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net8187bv64.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net8187se64.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net8192se64.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net8192su64.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net819xp.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\net9500-x64-n650f.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netathr10x.INF_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netavpna.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NETAX88179_178a.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NETAX88772.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netbc64.INF_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netbvbda.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netbxnda.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nete1e3e.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nete1g3e.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\neteFE3e.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netelx.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netevbda.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netg664.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netimm.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netip6.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netirda.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netjme.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netk57a.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netl160a.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netl1c63x64.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netl1e64.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netl260a.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netlldp.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netloop.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netmlx4eth63.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netmlx5.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netmscli.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netmyk64.inf_loc Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netnb.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netnvm64.inf_loc Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netnvma.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netnwifi.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netpacer.inf_loc Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netpgm.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netr28ux.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netr28x.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netr7364.inf_loc Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrasa.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrass.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrast.inf_loc Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrndis.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtl64.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtwlane.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtwlane01.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtwlane_13.inf_loc Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtwlans.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netrtwlanu.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Netserv.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netsstpa.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nett4x64.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nettcpip.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netv1x64.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvchannel.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvf63a.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvg63a.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvwifibus.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvwififlt.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvwifimp.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netvwwanmp.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Netwbw02.INF_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Netwew01.INF_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netwlv64.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netwmbclass.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netwns64.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Netwtw02.INF_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NETwtw04.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\NETwtw06.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\Netwtw08.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\netxex64.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ntprint.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nulhprs8.inf_loc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nvdimm.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\nvraid.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\oposdrv.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\pci.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\pcmcia.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\percsas2i.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\percsas3i.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\pmem.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\PnPXInternetGatewayDevices.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\PrintQueue.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\prnms013.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\qd3x64.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rawsilo.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\RDCameraDriver.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rdpbus.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rdvgwddmdx11.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\remoteposdrv.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rhproxy.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rndiscmp.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rspndr.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rt640x64.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rtux64w10.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rtvdevx64.INF_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\rtwlanu_oldIC.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sbp2.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\scmbus.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\scmvolume.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SCRAWPDO.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\scsidev.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\scunknown.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sdbus.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SDFLauncher.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SDFRd.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sdstor.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SensorsAlsDriver.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SensorsHidClassDriver.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SensorsServiceDriver.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sisraid2.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sisraid4.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\SmartSAMD.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\smrdisk.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\smrvolume.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\spaceport.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\STEXSTOR.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\sti.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\storfwupdate.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\stornvme.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\storufs.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\swenum.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\tape.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\termkbd.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\termmou.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\tpm.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\tpmvsc.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\TransferCable.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ts_generic.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ts_wpdmtp.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\TSGenericUSBDriver.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\tsprint.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\TsUsbHubFilter.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\uaspstor.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\UcmUcsiAcpiClient.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\uefi.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ufxchipidea.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ufxsynopsys.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\uicciso.inf_loc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\uiccspb.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\umbus.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\umpass.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\unknown.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\urschipidea.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\urssynopsys.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usb.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbaudio2.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\UsbccidDriver.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbcir.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbhub3.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbport.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbprint.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbser.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbstor.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbvideo.inf_loc Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\usbxhci.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\vca.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\vdrvroot.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\vhdmp.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\virtdisk.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\volmgr.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\volsnap.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\volume.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\vsmraid.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\vstxraid.inf_loc Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wave.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\WceISVista.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wdma_usb.inf_loc Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wdmaudio.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wdmvsc.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wfcvsc.inf_loc Handle ID: 0xa9d8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wfpcapture.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wGenCounter.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\whvcrash.inf_loc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\whyperkbd.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\WindowsTrustedRTProxy.inf_loc Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\winusb.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wmbclass_wmc_union.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wmiacpi.inf_loc Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wnetvsc.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wnetvsc_vfpp.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wpdcomp.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wpdfs.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wpdmtp.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wpdmtphw.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ws3cap.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\WSDPrint.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\WSDScDrv.inf_loc Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wstorflt.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wstorvsc.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wstorvsp.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wsynth3dvsc.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\WUDFUsbccidDriver.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvid.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmbus.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmbushid.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmbusr.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmbusvideo.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmgid.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_ext.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_guestinterface.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_heartbeat.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_kvpexchange.inf_loc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_shutdown.inf_loc Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvmic_timesync.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvms_mp_windows.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvms_pp.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvms_vsft.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvms_vspp.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvpci.inf_loc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\wvpcivsp.inf_loc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\xboxgip.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\xboxgipSynthetic.inf_loc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\xinputhid.inf_loc Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\xusb22.inf_loc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DriverStore\ru-RU\ykinx64.inf_loc Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsc\ru-RU\DscCoreR.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsc\ru-RU\PSDSCFileDownloadManagerEvents.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\ru-RU\F12Platform.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\ru-RU\F12Platform2.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\ru-RU\F12Script.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\ru-RU\IEChooser.exe.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\ru-RU Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\ru-RU\LxssManager.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\ru-RU\ShMig.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\ru-RU\SxsMigPlugin.dll.mui Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\ru-RU\migres.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MUI\0419\mscorees.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\audit.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\msoobedui.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\msoobeFirstLogonAnim.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\msoobeplugins.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\OOBE_HELP_Cortana_Learn_More.rtf Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\OOBE_HELP_Opt_in_Details.htm Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\OOBE_HELP_Opt_in_Details.rtf Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\oobe_learn_more_activity_history.htm Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\oobecoreadapters.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\oobeldr.exe.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\pnpibs.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\privacy.rtf Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\setup.exe.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\SetupCleanupTask.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\UserOOBE.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\vofflps.rtf Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\W32UIRes.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\windeploy.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\WinLGDep.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\winsetup.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\pris\resources.ru-RU.pri Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\ru-RU\PerceptionSimulationService.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\ru-RU\BarcodeScannerProtocolProvider.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\ru-RU\CashDrawerProtocolProvider.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PointOfService\ProtocolProviders\ru-RU\PrinterProtocolProvider.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prncnfg.vbs Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prndrvr.vbs Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prnjobs.vbs Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prnmngr.vbs Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prnport.vbs Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\prnqctl.vbs Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\ru-RU\pubprn.vbs Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru\AppVStreamingUX.resources.dll Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru\AuthFWSnapIn.Resources.dll Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru\AuthFWWizFwk.Resources.dll Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru\fhuxpresentation.Resources.dll Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\aadtb.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\aadWamExtension.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AboutSettingsHandlers.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\accessibilitycpl.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\acledit.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\aclui.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\acppage.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\acproxy.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ActionCenter.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ActionCenterCPL.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\actionqueue.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\activeds.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AdmTmpl.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\adrclient.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\adsldpc.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\adsnt.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\adtschema.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\advapi32.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\advapi32res.dll.mui Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\advpack.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\aeevts.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AgentService.exe.mui Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ajrouter.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\alg.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\apds.dll.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\APMon.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppContracts.dll.mui Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppExtension.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\apphelp.dll.mui Handle ID: 0xb7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Apphlpdm.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppHostRegistrationVerifier.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appidsvc.dll.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appinfo.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppInstallerPrompt.Desktop.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ApplicationFrame.dll.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\applockercsp.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appmgmts.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appmgr.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppointmentApis.dll.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appraiser.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppReadiness.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppResolver.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appwiz.cpl.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppXDeploymentClient.dll.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppXDeploymentServer.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppxPackaging.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\arp.exe.mui Handle ID: 0xb79c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\asferror.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\assignedaccessmanager.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\assignedaccessmanagersvc.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\assignedaccessproviderevents.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\at.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\attrib.exe.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\audiodg.exe.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AudioEndpointBuilder.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AudioHandlers.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AudioSes.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AudioSrv.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\auditcse.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuditNativeSnapIn.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\auditpol.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\auditpolcore.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuditPolicyGPInterop.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\auditpolmsg.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuthBroker.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuthBrokerUI.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuthExt.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\authfwcfg.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\authfwgp.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AuthHost.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\authui.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\autopilotdiag.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\autoplay.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\autotimesvc.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\avicap32.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\avifil32.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\avrt.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AxInstSv.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AxInstUI.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\azman.msc Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\azroleui.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\baaupdate.exe.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\basecsp.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bash.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\batmeter.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bcastdvruserservice.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bcdboot.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bcdedit.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bcrypt.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bdechangepin.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BdeHdCfg.exe.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BdeHdCfgLib.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bdesvc.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bdeunlock.exe.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bfe.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BioCredProv.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bisrv.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BitLockerWizard.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BitLockerWizardElev.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bitsadmin.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BlbEvents.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\blbres.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bnmanager.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bootcfg.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bootsect.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bootstr.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bootux.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bridgeres.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BTAGService.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BthAvctpSvc.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BthAvrcp.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BthAvrcpAppSvc.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bthci.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BthMtpContextHandler.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BthpanContextHandler.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bthprops.cpl.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bthserv.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bthudtask.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\btpanui.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Bubbles.scr.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\BWContextHandler.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cabview.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cacls.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CallHistoryClient.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CapabilityAccessManager.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\capauthz.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CaptureService.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CBDHSvc.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cdp.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cdprt.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cdpsvc.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cdpusersvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cemapi.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cero.rs.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certca.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certcli.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certcredprovider.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certenc.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CertEnroll.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CertEnrollCtrl.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CertEnrollUI.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certlm.msc Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certmgr.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certmgr.msc Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CertPKICmdlet.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CertPolEng.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certprop.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certreq.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\certutil.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cewmdm.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cfgbkend.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\change.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\changepk.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\charmap.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CheckNetIsolation.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chglogon.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chgport.exe.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chgusr.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chkdsk.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chkntfs.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\chkwudrv.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\choice.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cic.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cipher.exe.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CIWmi.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\clb.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cleanmgr.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\clfs.sys.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cliconfg.rll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\clip.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ClipboardServer.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Clipc.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\clipsvc.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CloudDomainJoinAUG.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CloudExperienceHostCommon.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CloudNotifications.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\clusapi.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmcfg32.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmd.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmdial32.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmdkey.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmdl32.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmlua.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmmon32.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmstp.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmstplua.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cmutil.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cngcredui.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cob-au.rs.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cofire.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cofiredm.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\colorcpl.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\colorui.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\combase.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\comexp.msc Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\comp.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\compact.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CompatTelRunner.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\compmgmt.msc Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CompMgmtLauncher.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\compstui.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\computelibeventlog.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\computenetwork.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ComputerDefaults.exe.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\comres.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Conhost.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ConhostV1.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\connect.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\consent.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ConsentUX.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ConsentUxClient.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\console.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ConsoleLogon.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ContentDeliveryManager.Utilities.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CredDialogBroker.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CredentialEnrollmentManager.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CredProv2faHelper.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\credprovhost.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\credprovs.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\credprovslegacy.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\credwiz.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\crypt32.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cryptext.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CryptNgc.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cryptsvc.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cryptui.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cryptuiwizard.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cryptxml.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cscmig.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cscobj.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cscript.exe.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cscsvc.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cscui.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CSRR.rs.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\csrsrv.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\csrss.exe.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ctfmon.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cttune.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cttunesvr.exe.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CustomInstallExec.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\cxcredprov.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\d2d1.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\D3DSCache.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dab.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DAConn.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dafpos.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DafPrintProvider.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DAMM.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DaOtpCredentialProvider.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\das.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dataclen.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DataExchangeHost.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\datusage.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dccw.exe.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dcomcnfg.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DDORes.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ddputils.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ddraw.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DefaultPrinterProvider.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Defrag.exe.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\defragsvc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\desk.cpl.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\deskadp.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\deskmon.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevDispItemProvider.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\devenum.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceCenter.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceDirectoryClient.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceDisplayStatusManager.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceElementSource.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\devicengccredprov.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevicePairing.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevicePairingExperienceMEM.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevicePairingFolder.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceProperties.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\deviceregistration.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceSetupManager.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceSetupManagerApi.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceSetupStatusProvider.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevicesFlowBroker.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DeviceUpdateAgent.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\devmgmt.msc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\devmgr.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DevModeRunAsUserConfig.msc Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\devquerybroker.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DFDTS.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DFDWiz.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DfrgUI.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dfshim.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DfsShlEx.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dggpext.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpcmonitor.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpcore.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpcore6.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpcsvc.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpcsvc6.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dhcpsapi.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DiagCpl.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diagperf.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diagtrack.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dialer.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DictationManager.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dimsjob.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dimsroam.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dinput.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dinput8.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\discan.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diskmgmt.msc Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diskpart.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diskperf.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diskraid.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Dism.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DispBroker.Desktop.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Display.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DisplaySwitch.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\djctq.rs.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\djoin.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dlnashext.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DMAppsRes.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmdskres.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmdskres2.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmenterprisediagnostics.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmpushroutercore.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmusic.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmutil.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmwappushsvc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dnsapi.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dnscmmc.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dnshc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dnsrslvr.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\docprop.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DocumentPerformanceEvents.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\domgmt.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\doskey.exe.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dosvc.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3api.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3cfg.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Dot3Conn.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3dlg.dll.mui Handle ID: 0xb780 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3gpclnt.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3gpui.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3hc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3mm.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3msm.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3svc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dot3ui.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dpapimig.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DpiScaling.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dps.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\driverquery.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\drprov.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\drt.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DscCore.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DscCoreConfProv.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DscProxy.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DscTimer.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dskquota.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dskquoui.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DsmUserTask.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsound.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsprop.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsquery.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsreg.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsregcmd.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsregtask.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dssec.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dssvc.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Dsui.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dsuiext.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dtsh.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dui70.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\duser.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dusmsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dwm.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dwmapi.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dwmcore.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dwminit.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dwmredir.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DWrite.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DWWIN.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxdiag.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxdiagn.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxgkrnl.sys.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxgmms2.sys.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxgwdi.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxp.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dxpserver.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\DxpTaskSync.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eappcfgui.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eappgnui.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eapphost.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eapsimextdesktop.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eapsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EapTeapAuth.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EapTeapExt.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\easconsent.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EaseOfAccessDialog.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\edgehtml.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EditionUpgradeManagerObj.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\edptask.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\edputil.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\efsadu.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\efscore.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\efsext.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\efssvc.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EhStorAPI.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EhStorAuthn.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EhStorPwdMgr.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EhStorShell.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\els.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\elscore.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\embeddedmodesvc.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\energy.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\energytask.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EnterpriseAppMgmtSvc.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eqossnap.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ESENT.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\esrb.rs.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eudcedit.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EventCreate.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\EventViewer_EventDetails.xsl Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eventvwr.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\eventvwr.msc Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\evr.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ExecModelClient.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\expand.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\explorerframe.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\extrac32.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FaceCredentialProvider.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\faultrep.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fc.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fcon.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fde.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fdeploy.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fdPHost.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fdprint.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fdrespub.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhcfg.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhcleanup.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhcpl.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhengine.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhmanagew.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhsettingsprovider.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhshl.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhsvc.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fhtask.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fidocredprov.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FileHistory.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\filemgmt.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\find.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\findstr.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\finger.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fingerprintcredential.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FirewallAPI.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FirewallControlPanel.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fixmapi.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FlightSettings.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fltlib.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fltMC.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FntCache.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fodhelper.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Fondue.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fontext.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fontview.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\forfiles.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fpb.rs.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fphc.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FrameServer.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fsavailux.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fsmgmt.msc Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fsquirt.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fsutil.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fthsvc.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ftp.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FunDisc.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fvecpl.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fvenotify.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fveprompt.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fveui.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fvewiz.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fwcfg.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fwpuclnt.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FXSCOMPOSERES.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FXSEVENT.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FXSRESM.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FXSUTILITY.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\g711codc.ax.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\GamePanel.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\GCDEF.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Geolocation.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\getmac.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\glu32.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpapi.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpedit.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpedit.msc Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpprefcl.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpprnext.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpresult.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpscript.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpsvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gptext.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpupdate.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpupvdev.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\grb.rs.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Groupinghc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\grpconv.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hcproviders.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hcsdiag.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hdwwiz.cpl.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hdwwiz.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\help.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hgcpl.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hhctrl.ocx.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hid.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hidphone.tsp.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hidserv.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hlink.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hnetcfg.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hnetcfgclient.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hnetmon.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\HolographicExtensions.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hostname.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\HostNetSvc.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hotplug.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\html.iec.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\htui.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hvhostsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hvsievaluator.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\hvsigpext.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ias.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iasacct.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iasads.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iasdatastore.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iashlpr.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iasrad.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iassdo.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iassvcs.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ICacls.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:06 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\icmui.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\icsigd.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\icsvc.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\icsvcext.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\IdCtrls.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\IdListen.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ie4uinit.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\IEAdvpack.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iedkcs32.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ieframe.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iepeers.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iernonce.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iertutil.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iesetup.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ieui.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ieunatt.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iexpress.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ifmon.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\igdDiag.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ikeext.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\imaadp32.acm.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\imapi.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\imapi2.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\imapi2fs.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\immersivetpmvscmgrsvr.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\inetcpl.cpl.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\inetpp.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\inetppui.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\inetres.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\InfDefaultInstall.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\InkObjCore.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\input.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\InputSwitch.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\InputSwitchToastHandler.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\inseng.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\InstallService.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\intl.cpl.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\invagent.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iologmsg.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ipconfig.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iphlpapi.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iphlpsvc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ipnathlp.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\IPNATHLPCLIENT.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iprtrmgr.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ipsecsnp.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ipsecsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\IpsmSnap.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ipxlatcfg.dll.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsicli.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsicpl.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsicpl.exe.mui Handle ID: 0xa6d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsidsc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsiexe.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iscsilog.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\isoburn.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\iyuv_32.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\joinproviderol.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\joy.cpl.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\jscript.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\jscript9.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kdcpw.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\KdsCli.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kerberos.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kernel32.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\KernelBase.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\keyiso.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\keymgr.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\klist.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kmddsp.tsp.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ksetup.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kstvtune.ax.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kswdmcap.ax.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ksxbar.ax.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ktmutil.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\l2nacp.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\L2SecHC.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\l3codeca.acm.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\label.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LanguageComponentsInstaller.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LanguageComponentsInstallerComHandler.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LanguageOverlayServer.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LanguagePackDiskCleanup.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lfsvc.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LicenseManagerSvc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\licensingdiag.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LicensingUI.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\licmgr10.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lipeula.rtf Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\listsvc.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lltdres.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lmhsvc.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\loadperf.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\localsec.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\localspl.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\localui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\locationframework.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LocationNotificationWindows.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Locator.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LockAppBroker.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LockScreenContent.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lodctr.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\loghours.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\logman.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\logoff.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\LogonController.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpasvc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpdsvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpeula.rtf Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpksetup.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpq.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpr.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lpremove.exe.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lprmon.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lprmonui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lsasrv.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lsm.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\lusrmgr.msc Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Magnification.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Magnify.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\main.cpl.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MaintenanceUI.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\manage-bde.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ManageCI.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MapControlStringsRes.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mapi32.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mapistub.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mapstoasttask.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mapsupdatetask.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MbaeApi.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MbaeParserTask.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mblctr.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mciavi32.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mcicda.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mciqtz32.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mciseq.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mciwave.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MDEServer.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mdminst.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MdRes.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MdSched.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MemoryDiagnostic.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MessagingService.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mf.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MFC42.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MFC42u.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MFCaptureEngine.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mferror.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mfmp4srcsnk.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mfplat.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mfpmp.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mgmtrefreshcredprov.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-hal-events.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft-Windows-Internal-Shell-NearShareExperience.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-kernel-pnp-events.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-kernel-power-events.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-kernel-processor-power-events.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-power-cad-events.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-storage-tiering-events.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-system-events.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft.Bluetooth.UserService.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft.Graphics.Display.DisplayEnhancementService.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft.Uev.AgentDriverEvents.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft.Uev.AppAgent.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Microsoft.Uev.EventLogMessages.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\miguiresource.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mimefilt.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mimofcodec.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\miracastreceiver.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mispace.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MitigationClient.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MitigationConfiguration.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\miutils.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmc.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmcbase.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmcndmgr.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmcshext.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MMDevAPI.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmres.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mmsys.cpl.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\modemui.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ModernExecServer.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\moshost.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mountvol.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mpeval.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mpr.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mprddm.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mprdim.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mprext.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mprmsg.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mpsdrv.sys.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mpssvc.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mrinfo.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msacm32.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msadp32.acm.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msaudite.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mscandui.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MSchedExe.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mscms.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msconfig.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msctf.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msctfui.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msctfuimanager.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msdrm.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msdt.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msdtc.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msdtcVSp1res.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msfeedsbs.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msftedit.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msg.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msg711.acm.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msgsm32.acm.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mshta.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mshtml.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mshtmler.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MsiCofire.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msident.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msidntld.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msieftp.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msiexec.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msimtf.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msinfo32.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mskeyprotcli.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mskeyprotect.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msmpeg2enc.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msobjs.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msoert2.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mspaint.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msports.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msra.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msrahc.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mssign32.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MsSpellCheckingFacility.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mssph.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mssrch.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mssvp.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mstask.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mstsc.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mstscax.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msutb.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msvfw32.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msvidc32.dll.mui Handle ID: 0xb7a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MSVidCtl.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MSWMDM.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mswsock.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msxml3r.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\msxml6r.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MTFFuzzyDS.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mtstocom.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MultiDigiMon.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MusNotificationUx.exe.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MusNotifyIcon.exe.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MusUpdateHandlers.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mycomput.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\mydocs.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Mystify.scr.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\napinsp.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Narrator.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NaturalAuth.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nbtstat.exe.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NcaSvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ncbservice.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NcdAutoSetup.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NcdProp.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ncpa.cpl.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ncrypt.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ncryptprov.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ncsi.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ndadmin.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ndfapi.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ndishc.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nduprov.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netbtugc.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netcenter.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netcfg.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netcfgx.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netcorehc.dll.mui Handle ID: 0xa4cc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netdiagfx.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netevent.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\neth.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netid.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netiohlp.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netiougc.exe.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netjoin.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netlogon.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netman.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetMgmtIF.dll.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netmsg.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netplwiz.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Netplwiz.exe.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netprofmsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetSetupSvc.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netsh.exe.mui Handle ID: 0xa7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netshell.dll.mui Handle ID: 0xa954 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netstat.exe.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nettrace.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetworkDesktopSettings.dll.mui Handle ID: 0xa444 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetworkExplorer.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetworkIcon.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetworkItemFactory.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NetworkStatus.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\newdev.dll.mui Handle ID: 0xa9c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\newdev.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ngccredprov.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NgcCtnrSvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ngckeyenum.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NgcRecovery.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ngcsvc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ngctasks.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nlahc.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nlasvc.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nlhtml.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nlmgp.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nlsbres.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nltest.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\notepad.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NotificationController.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NPSMDesktopProvider.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nshhttp.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nshipsec.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nshwfp.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nsisvc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\nslookup.exe.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntdll.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntlanman.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntlanui2.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntmarta.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntprint.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntprint.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntshrui.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ntvdm64.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\NvAgent.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\objsel.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\occache.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\odbcad32.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\odbcconf.exe.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\odbcint.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\offFilt.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\oflc-nz.rs.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ole32.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\oleaccrc.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\oledlg.dll.mui Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\oleprn.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\OneBackupHandler.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\onex.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\onexui.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\openfiles.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\OpenWith.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\OptionalFeatures.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\osk.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\p2p.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\p2pnetsh.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\p2psvc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PackageInspector.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\packager.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PasswordEnrollmentManager.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PasswordOnWakeSettingFlyout.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pathping.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pautoenr.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcaevts.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcalua.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcasvc.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcaui.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcbp.rs.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PCPKsp.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcsvDevice.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcwum.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pcwutl.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pdh.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pdhui.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PeerDist.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PeerDistCleaner.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PeerDistSh.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PeerDistSvc.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pegi-pt.rs.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pegi.rs.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PeopleBand.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfctrs.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfdisk.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfmon.exe.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfmon.msc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfnet.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfos.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perfproc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\perftrack.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\phoneactivate.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PhoneServiceRes.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PhoneUtilRes.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PhotoScreensaver.scr.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\photowiz.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PimIndexMaintenance.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pimstore.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ping.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PktMon.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pla.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PlaySndSrv.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PlayToDevice.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PlayToManager.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\playtomenu.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PlayToStatusProvider.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pmcsnap.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnidui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnpclean.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnppolicy.dll.mui Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnpui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PnPUnattend.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnputil.exe.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PNPXAssocPrx.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnrpauto.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnrphc.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnrpnsp.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pnrpsvc.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\polstore.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\poqexec.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PortableDeviceApi.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\portabledevicestatus.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PortableDeviceSyncProvider.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pots.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\powercfg.cpl.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\powercfg.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\powercpl.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\powrprof.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ppcsnap.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PresentationHost.exe.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PresentationSettings.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\prflbmsg.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\print.exe.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PrintBrmUi.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\printmanagement.msc Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\printui.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\printui.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PrintWorkflowService.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PrintWSDAHost.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\prnfldr.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\prnntfy.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\prntvpt.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\profext.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\profsvc.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\propsys.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\proquota.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\provcore.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\provplatformdesktop.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\provsvc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ProximityCommon.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ProximityUxHost.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pshed.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PSModuleDiscoveryProvider.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\psmodulediscoveryprovider.mfl Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\psr.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pstask.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ptpprov.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\puiapi.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\puiobj.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PushToInstall.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pwlauncher.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pwlauncher.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pwrshplugin.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\pwsso.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qappsrv.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qcap.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qdv.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qdvd.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qedit.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qmgr.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qprocess.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\quartz.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Query.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\query.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\QuickActionsDataModel.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\QuietHours.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\quser.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qwave.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\qwinsta.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\racengn.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\racpldlg.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\radardt.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\radarrs.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RADCUI.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasapi32.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasauto.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasautou.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\raschap.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\raschapext.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasctrs.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rascustom.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasdiag.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasdial.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasdlg.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\raserver.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasgcw.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasmans.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasmbmgr.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasmm.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasmontr.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasphone.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rasplap.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rastls.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rastlsext.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdbui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpcfgex.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpclip.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpcorets.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpendp.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpinit.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RdpSa.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpshell.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdpsign.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdrleakdiag.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdvgogl64.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdvgumd64.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rdvvmtransport.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RDXService.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RDXTaskFactory.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\reagent.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\reagentc.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ReAgentTask.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\recdisc.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\recover.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\recovery.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RecoveryDrive.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\refsutil.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\reg.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\regidle.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\register-cimprovider.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\regsvc.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\regsvr32.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rekeywiz.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\relog.exe.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RelPost.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\remotepg.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RemoveDeviceContextHandler.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\removerootporterr.mfl Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\repair-bde.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\replace.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\reset.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\reseteng.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ResetEngine.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ResetEngOnline.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RestartManager.mfl Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RestartManagerUninstall.mfl Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\resutils.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Ribbons.scr.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rmapi.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RmClient.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Robocopy.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rootporterr.mfl Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\route.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RpcEpMap.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RpcNs4.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rpcnsh.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rpcping.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rpcrt4.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rshx32.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rsop.msc Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rstrtmgr.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rstrui.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rtffilt.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rtm.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\runas.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rundll32.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\RunLegacyCPLElevated.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\runonce.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\rwinsta.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\samsrv.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sberes.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sbresources.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sc.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scansetting.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SCardDlg.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SCardSvr.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scavengeui.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ScDeviceEnum.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scecli.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scesrv.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\schannel.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\schedsvc.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\schtasks.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scksp.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scrnsave.scr.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scrobj.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scrptadm.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\scrrun.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdbinst.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdchange.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdclt.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdcpl.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdengin2.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdiageng.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdiagnhost.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdiagprv.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdiagschd.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdohlp.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdrsvc.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sdshext.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Search.ProtocolHandler.MAPI2.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\searchfolder.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SearchIndexer.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\secedit.exe.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\secinit.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\seclogon.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\secpol.msc Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SecurityHealthAgent.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\securityhealthsso.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\semgrsvc.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sendmail.dll.mui Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sens.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sensordataservice.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SensorsApi.dll.mui Handle ID: 0xb7b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SensorsCpl.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SensorService.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SensorsUtilsV2.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sensrsvc.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\serialui.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\services.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\services.msc Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\serwvdrv.dll.mui Handle ID: 0xb7c8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sessenv.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sessionmsg.exe.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sethc.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SetNetworkLocationFlyout.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SetProxyCredential.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setspn.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_CapabilityAccess.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_Devices.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_Display.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_ForceSync.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_Geolocation.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_Maps.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_Notifications.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_OneCore_BatterySaver.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_OneCore_PowerAndSleep.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_OneDriveBackup.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_QuickActions.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_SIUF.dll.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_StorageSense.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_UserAccount.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SettingsHandlers_WorkAccess.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setupapi.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setupcl.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setupcl.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setupcln.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setupugc.exe.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\setx.exe.mui Handle ID: 0xa9b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sfc.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SgrmBroker.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SharedRealitySvc.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ShareHost.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sharemediacpl.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SHCore.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shdocvw.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shell32.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shimgvw.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shlwapi.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shrpubw.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shsvcs.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shutdown.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shutdownext.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ShutdownUX.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shwebsvc.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sigverif.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sihclient.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SimAuth.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\slc.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\slcext.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\slui.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SmartcardCredentialProvider.dll.mui Handle ID: 0xa984 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\smartscreen.exe.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SMBHelperClass.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\smbwmiv2.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SMCCx.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SmiEngine.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\smphost.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SmsRouterSvc.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\smss.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sndvol.exe.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sndvolsso.dll.mui Handle ID: 0x6214 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SnippingTool.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\snmptrap.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\socialapis.dll.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\softkbd.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sort.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SpaceAgent.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SpaceControl.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spaceman.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spectrum.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spoolsv.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spp.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppc.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppcext.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppcomapi.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppcommdlg.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppnp.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sppsvc.exe.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spwizres.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sqlsrv32.rll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srchadmin.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srcore.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SRH.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srm.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srmshell.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srpapi.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SrpUxNativeSnapIn.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srrstr.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SrTasks.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\srvsvc.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sscore.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ssdpsrv.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ssText3d.scr.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sstpsvc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\StartTileData.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Startupscan.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sti.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sti_ci.dll.mui Handle ID: 0x5a20 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\stobject.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\StorageContextHandler.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\storagewmi.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Storprop.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\StorSvc.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\subst.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sud.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\svchost.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\svsvc.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\swprv.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sxproxy.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sxs.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sxstrace.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SyncCenter.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SyncInfrastructure.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\syncreg.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SyncSettings.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sysclass.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sysdm.cpl.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sysmain.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sysmon.ocx.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\sysreseterr.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\systemcpl.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemEventsBrokerServer.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\systeminfo.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesAdvanced.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesComputerName.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesDataExecutionPrevention.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesHardware.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesPerformance.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesProtection.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemPropertiesRemote.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\systemreset.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemSettingsAdminFlows.exe.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SystemSettingsRemoveDevice.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Tabbtn.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tabcal.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TabletPC.cpl.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TabSvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\takeown.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tapi3.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tapi32.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tapisrv.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tapiui.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\taskbarcpl.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\taskcomp.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\taskhostw.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\taskkill.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tasklist.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Taskmgr.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\taskschd.msc Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tcmsetup.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tcpipcfg.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TCPMON.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TCPMonUI.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tdh.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\telephon.cpl.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TelephonyInteractiveUserRes.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\telnet.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\termsrv.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TetheringIeProvider.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TetheringMgr.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TetheringService.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TetheringStation.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tftp.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\themecpl.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\themeservice.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\themeui.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\thumbcache.dll.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tier2punctuations.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TieringEngineService.exe.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TimeBrokerServer.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\timedate.cpl.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\timeout.exe.mui Handle ID: 0x4420 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TimeSyncTask.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TokenBroker.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tpm.msc Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tpmcompc.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TpmCoreProvisioning.dll.mui Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TpmInit.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TpmTasks.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TpmTool.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tpmvsc.dll.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tpmvscmgr.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tpmvscmgrsvr.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tquery.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tracerpt.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tracert.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\trkwks.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TrustedSignalCredProv.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tscfgwmi.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tscon.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tsdiscon.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tsgqec.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tskill.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tsmf.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TSSessionUX.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TsUsbRedirectionGroupPolicyExtension.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TSWorkspace.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TtlsAuth.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TtlsCfg.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\TtlsExt.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twext.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twinapi.appcore.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twinapi.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twinui.appcore.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twinui.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\twinui.pcshell.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\typeperf.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tzautoupdate.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tzres.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tzsyncres.dll.mui Handle ID: 0xb7a0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tzutil.exe.mui Handle ID: 0xa63c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ubpm.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ucmhc.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\uDWM.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UevAgentDriver.sys.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UIAutomationCore.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\uicom.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\uireng.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UIRibbon.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ulib.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\umpnpmgr.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\umpo.dll.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\umpoext.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\umrdp.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\unimdm.tsp.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\unimdmat.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Unistore.dll.mui Handle ID: 0xa70c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\unlodctr.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\unregmp2.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UpdatePolicy.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UpgradeResultsUI.exe.mui Handle ID: 0xb7bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\upnp.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\upnphost.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\urlmon.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usbceip.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usbmon.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usbperf.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UsbTask.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usbui.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\user32.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UserAccountControlSettings.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usercpl.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UserDataAccessRes.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UserDataService.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UserDeviceRegistration.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UserDeviceRegistration.Ngc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\userenv.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\userinit.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\userinitext.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usermgr.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usk.rs.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\usosvc.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\utcutil.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\utildll.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Utilman.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\uxtheme.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vac.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VAN.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Vault.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VaultCli.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VaultCmd.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VaultRoaming.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vaultsvc.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vbscript.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vds.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vdsbas.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vdsdyn.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vdsutil.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\verifier.exe.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\verifiergui.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vfwwdm32.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vid.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmbusvdev.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmchipset.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmcompute.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmcomputeeventlog.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmcrashdump.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmiccore.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmictimeprovider.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmpmem.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmserial.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmsmb.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VmSynthNic.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VmSynthStor.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmuidevices.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmwp.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmwpevents.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vssadmin.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vsstrace.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\VSSVC.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\w32time.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\w32tm.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WaaSMedicSvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WABSyncProvider.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\waitfor.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WalletService.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wavemsp.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wbadmin.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wbengine.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wbiosrvc.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wcmsvc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wcncsvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WcnNetsh.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wcnwiz.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wdc.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wdi.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wdmaud.drv.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\webauthn.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WebcamUi.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\webcheck.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\webclnt.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\webio.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\webservices.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wecsvc.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wecutil.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wephostsvc.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wer.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\werconcpl.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wercplsupport.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WerFault.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WerFaultSecure.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wersvc.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\werui.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wevtapi.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wevtfwd.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wevtsvc.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wevtutil.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wextract.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WF.msc Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WFDSConMgrSvc.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WfHC.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WFSR.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\whealogr.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\where.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\whhelper.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\whoami.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiaacmgr.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiaaut.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiadefui.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiadss.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiarpc.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiaservc.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wiashext.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WiFiDisplay.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WiFiNetworkManager.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WiFiTask.exe.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wimgapi.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Win32_DeviceGuard.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\win32kbase.sys.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\win32spl.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winbio.dll.mui Handle ID: 0xa764 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinBioDataModel.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wincredui.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\windows.applicationmodel.datatransfer.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.ApplicationModel.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.ApplicationModel.Store.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.ApplicationModel.Store.TestingFramework.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.CloudStore.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Data.Activities.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Data.Pdf.dll.mui Handle ID: 0xa650 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.Background.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.Bluetooth.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.Custom.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.LowLevel.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.Picker.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.PointOfService.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.Scanners.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Devices.SmartCards.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Graphics.Printing.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.ImmersiveShell.ServiceProvider.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Internal.CapturePicker.Desktop.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Internal.CapturePicker.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Internal.Management.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Internal.SecurityMitigationsBroker.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\windows.internal.shell.broker.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\windows.internal.shellcommon.shareexperience.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Management.Service.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Media.MediaControl.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Media.Renewal.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Networking.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Perception.Stub.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Security.Authentication.Web.Core.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Security.Credentials.UI.UserConsentVerifier.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.SharedPC.CredentialProvider.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Shell.StartLayoutPopulationEvents.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.StateRepository.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\windows.storage.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Storage.Search.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.System.Launcher.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.System.Profile.HardwareId.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.System.Profile.SystemManufacturers.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.AppDefaults.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.CredDialogController.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.Immersive.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.PicturePassword.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.Xaml.Controls.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.Xaml.InkControls.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.Xaml.Maps.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.UI.Xaml.Phone.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Web.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Web.Http.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WindowsActionDialog.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\windowsudk.shellcommon.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winethc.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winhttp.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wininet.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wininetlui.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wininit.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winlangdb.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winload.efi.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winload.exe.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winlogon.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winmm.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winmmbase.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winmsipc.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winnlsres.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winresume.efi.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winresume.exe.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Winrs.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSAT.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSATAPI.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSCard.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSetupUI.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winsockhc.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winspool.drv.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winsrv.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSync.rll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSyncMetastore.rll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WinSyncProviders.rll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wintypes.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\winver.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\witnesswmiv2provider.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wksprt.exe.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wkssvc.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanapi.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlancfg.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WLanConn.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlandlg.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanext.exe.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlangpui.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WLanHC.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanmm.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanpref.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlansvc.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanui.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlanutil.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wldap32.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wldp.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlgpclnt.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlidcli.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlidres.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WLIDSvc.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wlrmdr.exe.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmerror.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WmiMgmt.msc Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmiprop.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmitomi.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WMPDMC.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmpdui.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WMPhoto.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmploc.DLL.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wmpshell.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WMVDECOD.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WMVENCOD.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WofTasks.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WorkfoldersControl.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WorkFoldersGPExt.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WorkFoldersRes.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WorkFoldersShell.Dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\workfolderssvc.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wosc.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Wpc.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WpcMon.exe.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WpcRefreshTask.dll.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpd_ci.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:07 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WpdBusEnum.dll.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpdshext.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WPDShextAutoplay.exe.mui Handle ID: 0xb798 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpnapps.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpncore.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpnpinst.exe.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpnprv.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wpnservice.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WpnUserService.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ws2_32.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wscapi.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WSCollect.exe.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wscript.exe.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wscsvc.dll.mui Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wscui.cpl.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsdapi.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WSDScDrv.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsecedit.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsepno.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshelper.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshext.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wship6.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshom.ocx.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshqos.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshrm.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wshtcpip.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsl.exe.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wslconfig.exe.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WsmRes.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WsmSvc.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsock32.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsqmcons.exe.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wuapi.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wuaueng.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WUDFHost.exe.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wudfplatform.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WudfSMCClassExt.dll.mui Handle ID: 0x6208 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wusa.exe.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wvc.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wwancfg.dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wwanconn.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WWanHC.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WWanMM.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Wwanpref.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wwansvc.dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\XblAuthManager.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\XblGameSave.dll.mui Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\XboxNetApiSvc.dll.mui Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\XInput1_4.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\XInput9_1_0.dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\xmlfilter.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\xwizard.exe.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\xwizards.dll.mui Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\xwtpdui.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\xwtpw32.dll.mui Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\zipfldr.dll.mui Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Licenses\_Default\Professional\license.rtf Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Licenses\OEM\Professional\license.rtf Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Licenses\Volume\Professional\license.rtf Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slmgr\0419\slmgr.ini Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\ru-RU Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\drivers\x64\3\ru-RU\tsprint.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\ru-RU\PrintBrm.exe.mui Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\ru-RU\PrintBrmEngine.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Sysprep\ru-RU\sysprep.exe.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\ru-RU Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\ru-RU\RjvClassicApp.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru\Microsoft.AppV.AppVClientWmi.resources.dll Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\aeinv.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\appbackgroundtask.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\appbackgroundtask.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\appbackgroundtask_uninstall.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\cimdmtf.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\cimwin32.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\cimwin32.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\CIWmi.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\cli.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\cliegaliases.mfl Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\csv.xsl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ddp.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dnsclientcim.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dnsclientcim.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dnsclientpsprovider.dll.mui Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dnsclientpsprovider.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dnsclientpsprovider_uninstall.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\DscCore.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\DscCoreConfProv.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\DscProxy.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\DscTimer.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\dsprov.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\EmbeddedLockdownWmi.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\embeddedlockdownwmi.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\embeddedlockdownwmi_Uninstall.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\EventTracingManagement.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\EventTracingManagement.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\filetrace.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\FolderRedirectionWMIProvider.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\hbaapi.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\hform.xsl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\htable.xsl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\interop.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ipmiprr.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ipmiprv.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\iscsidsc.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\iscsiprf.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\iscsiwmiv2.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\iscsiwmiv2_uninstall.mfl Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\KrnlProv.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\krnlprov.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\l2gpstore.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMAppProv.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMAppProv.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMAppProv_Uninstall.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMSettingsProv.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMSettingsProv.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MDMSettingsProv_Uninstall.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\Microsoft-Windows-OfflineFiles.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mispace.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mispace_uninstall.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MMFUtil.dll.mui Handle ID: 0xa7dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mof.xsl Handle ID: 0xa17c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mofcomp.exe.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mofd.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mpeval.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MsDtcWmi.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\msfeeds.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\msfeedsbs.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\msi.mfl Handle ID: 0xcb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\MsNetImPlatform.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mstsc.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\mstscax.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NCProv.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ncprov.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ndisimplatcim.dll.mui Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetAdapterCim.dll.mui Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetAdapterCim.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetAdapterCim_uninstall.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetAdapterCimTrace.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetAdapterCimTraceUninstall.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netdacim.dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netdacim.mfl Handle ID: 0xa7c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netdacim_uninstall.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetEventPacketCapture.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetEventPacketCapture.mfl Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetEventPacketCapture_Uninstall.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetNat.dll.mui Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netNat.mfl Handle ID: 0xf48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netnccim.dll.mui Handle ID: 0x6c78 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netnccim.mfl Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netnccim_uninstall.mfl Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetPeerDistCim.dll.mui Handle ID: 0xa188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetPeerDistCim.mfl Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetPeerDistCim_uninstall.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetSwitchTeam.mfl Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netswitchteamcim.dll.mui Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetTCPIP.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetTCPIP.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\NetTCPIP_uninstall.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netttcim.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netttcim.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\netttcim_uninstall.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\nlmcim.dll.mui Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\nlmcim.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\nlmcim_uninstall.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\npivwmi.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ntevt.dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ntevt.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\OfflineFilesConfigurationWmiProvider.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\OfflineFilesConfigurationWmiProvider_Uninstall.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\OfflineFilesWmiProvider.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\OfflineFilesWmiProvider_Uninstall.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\p2p-mesh.mfl Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\p2p-pnrp.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\pcsvDevice.mfl Handle ID: 0x72c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\pcsvDevice_Uninstall.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\PolicMan.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\polproc.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\polprocl.mfl Handle ID: 0x72c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\polprou.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\powermeterprovider.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\PowerPolicyProvider.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\PrintManagementProvider.dll.mui Handle ID: 0x72c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\PrintManagementProvider.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\profileassociationprovider.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\PS_MMAgent.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\qoswmi.dll.mui Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\qoswmi.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\qoswmi_uninstall.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\qoswmitrc.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\qoswmitrc_uninstall.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\RacWmiProv.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\RacWmiProv.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\rdpinit.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\rdpshell.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\regevent.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\rsop.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\schedprov.dll.mui Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\schedprov.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ScrCons.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\secrcw32.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\ServDeps.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\SmbWitnessWmiv2Provider.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\smbwmiv2.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\smtpcons.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\sppwmi.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\sr.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\storagewmi.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\storagewmi_passthru.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\storagewmi_passthru_uninstall.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\storagewmi_uninstall.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\subscrpt.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\system.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\tsallow.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\tscfgwmi.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\UserProfileConfigurationWmiProvider.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\UserProfileWmiProvider.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\UserStateWMIProvider.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vds.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vdswmi.dll.mui Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vpnclientpsprovider.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vpnclientpsprovider.mfl Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vpnclientpsprovider_uninstall.mfl Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vss.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\vsswmi.dll.mui Handle ID: 0x72c4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wbemcntl.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WbemCons.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wbemcore.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wbemtest.exe.mui Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wcncsvc.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WdacWmiProv.Dll.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WdacWmiProv.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WdacWmiProv_Uninstall.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wfascim.dll.mui Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wfascim.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wfascim_uninstall.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wfs.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\whqlprov.mfl Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\Win32_DeviceGuard.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\win32_printer.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wininit.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\winlogon.mfl Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WinMgmt.exe.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WinMgmtR.dll.mui Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmi.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WmiApRes.dll.mui Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WmiApRpl.dll.mui Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WmiApSrv.exe.mui Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WMIC.exe.mui Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipcima.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipdfs.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipdskq.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WMIPICMP.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipicmp.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipiprt.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipjobj.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmipsess.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WMIsvc.dll.mui Handle ID: 0x7e6c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmitimep.mfl Handle ID: 0xa94c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmiutils.dll.mui Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wmpnetwk.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wscenter.mfl Handle ID: 0xa94c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_fs.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_fs_uninstall.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_health.mfl Handle ID: 0xa94c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_health_uninstall.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_sr.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\wsp_sr_uninstall.mfl Handle ID: 0xa94c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WUDFx.mfl Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\WUDFx02000.mfl Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\xml.xsl Handle ID: 0xa94c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ru-RU\xwizards.mfl Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\ru\Microsoft.AppV.AppvClientComConsumer.resources.dll Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\ru\Microsoft.AppV.AppVClientPowerShell.resources.dll Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Appx\ru-RU\Appx.psd1 Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AssignedAccess\ru-RU\AssignedAccessMsg.psd1 Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\ru-RU\BitLocker.psd1 Handle ID: 0xa578 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Dism\ru\Microsoft.Dism.Powershell.Resources.dll Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ru-RU\ArchiveResources.psd1 Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ru-RU\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0x8fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\ru\Microsoft.Dtc.PowerShell.Resources.dll Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\ru-RU\TestDtc.psd1 Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetSecurity\ru\Microsoft.Windows.Firewall.Commands.Resources.dll Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\ru-RU\NetworkSwitchManager.Resource.psd1 Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PersistentMemory\ru\Microsoft.Storage.PersistentMemory.Management.Commands.Resources.dll Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DownloadManager\DSCFileDownloadManager\ru\Microsoft.PowerShell.DSC.FileDownloadManager.Resources.dll Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ru-RU\WindowsPackageCab.Strings.psd1 Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ru-RU\ArchiveProvider.psd1 Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ru-RU\MSFT_ArchiveResource.schema.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ru-RU\MSFT_EnvironmentResource.schema.mfl Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ru-RU\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ru-RU\MSFT_GroupResource.schema.mfl Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ru-RU\MSFT_GroupResource.strings.psd1 Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ru-RU\MSFT_LogResource.schema.mfl Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ru-RU\MSFT_PackageResource.schema.mfl Handle ID: 0xa9a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ru-RU\PackageProvider.psd1 Handle ID: 0xb7a8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ru-RU\MSFT_ProcessResource.schema.mfl Handle ID: 0xa9e4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ru-RU\MSFT_ProcessResource.strings.psd1 Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ru-RU\MSFT_RegistryResource.schema.mfl Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ru-RU\MSFT_RegistryResource.strings.psd1 Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ru-RU\MSFT_RoleResource.schema.mfl Handle ID: 0x7e6c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ru-RU\MSFT_RoleResourceStrings.psd1 Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ru-RU\MSFT_ScriptResource.schema.mfl Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ru-RU\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ru-RU\MSFT_ServiceResource.schema.mfl Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ru-RU\MSFT_ServiceResource.strings.psd1 Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ru-RU\MSFT_UserResource.schema.mfl Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ru-RU\MSFT_UserResource.strings.psd1 Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ru-RU\MSFT_WaitForAll.schema.mfl Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ru-RU\MSFT_WaitForAny.schema.mfl Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ru-RU\MSFT_WaitForSome.schema.mfl Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ru-RU\MSFT_WindowsOptionalFeature.schema.mfl Handle ID: 0xa978 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ru-RU\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ru-RU\RunAsHelper.strings.psd1 Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ru-RU\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ru-RU\PSDSCxMachine.strings.psd1 Handle ID: 0xa978 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\ru\Microsoft.WindowsSearch.Commands.Resources.dll Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru\powershell_ise.resources.dll Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru-RU\default.help.txt Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru-RU\powershell.exe.mui Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru-RU\PSEvents.dll.mui Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru-RU\pspluginwkr.dll.mui Handle ID: 0x72d0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\ru-RU\pwrshmsg.dll.mui Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winrm\0419\winrm.ini Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\pris\resources.ru-RU.pri Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.ru-RU.pri Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ApplicationGuard\LearnMore.html Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\acr_error.htm Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\BlockSite.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\defaultbrowser.htm Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\DisableAboutFlag.htm Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\dnserror.html Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\ErrorPageStyles.css Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\forbidframingedge.htm Handle ID: 0xa9bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\hstscerterror.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_400.htm Handle ID: 0x61f4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_403.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_404.htm Handle ID: 0x116c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_406.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_410.htm Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_500.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_501.htm Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\http_gen.htm Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\invalidcert.htm Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\navcancl.htm Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\needhvsi.html Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\needie.html Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferror.html Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrordisabledforregion.html Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrormfnotfound.html Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorneedcontentlocally.html Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorneedcredentials.html Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorofflineaccessdenied.html Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorquitapplicationguard.html Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorrenewrentallicense.html Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorrepurchasecontent.html Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\pdferrorunknownerror.html Handle ID: 0x61fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\PhishSite_Iframe.htm Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\PhishSiteEdge.htm Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\PhishSiteStyles.css Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\proxyerror.htm Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\repost.htm Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\servbusy.htm Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\sslnavcancel.htm Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\startfresh.html Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\tlserror.htm Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\TridentErrorPageStyles.css Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\unknownprotocol.htm Handle ID: 0xaee0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\ErrorPages\WpcBlockFrame.htm Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ru-RU\assets\OfflineTabs\OfflineTabs.html Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\pris\resources.ru-RU.pri Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61f8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x61fc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\pris\resources.ru-RU.pri Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa978 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x9e24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa978 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\Microsoft.Windows.SecHealthUI.ru-RU.pri Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents\pris\ShellComponents.ru-RU.pri Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents.DragDrop\pris\ShellComponents.DragDrop.ru-RU.pri Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents.Switcher\pris\ShellComponents.Switcher.ru-RU.pri Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows-NFC-SEManagement\pris\Windows-NFC-SEManagement.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\PRIS\Windows.ShellCommon.SharedResources.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.AccountsControl\PRIS\Windows.UI.AccountsControl.ru-RU.pri Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.BioFeedback\pris\Windows.UI.BioFeedback.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.BlockedShutdown\pris\Windows.UI.BlockedShutdown.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Cred\pris\Windows.UI.Cred.ru-RU.pri Handle ID: 0xa978 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\pris\Windows.UI.Logon.ru-RU.pri Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.PCShell\pris\Windows.UI.PCShell.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.PrintDialog\pris\Windows.UI.PrintDialog.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Search\pris\Windows.UI.Search.ru-RU.pri Handle ID: 0xa980 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\pris\Windows.UI.SettingsAdminFlowUIThreshold.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.ru-RU.pri Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\pris\Windows.UI.SettingsHandlers-nt.ru-RU.pri Handle ID: 0xa964 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Shell\pris\Windows.UI.Shell.ru-RU.pri Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.ru-RU.pri Handle ID: 0xa96c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommonInetCore\pris\Windows.UI.ShellCommonInetCore.ru-RU.pri Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\CbsProvider.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\DismCore.dll.mui Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\DismProv.dll.mui Handle ID: 0xa974 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\DmiProvider.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\FfuProvider.dll.mui Handle ID: 0xa964 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\FolderProvider.dll.mui Handle ID: 0xa990 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\GenericProvider.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\ImagingProvider.dll.mui Handle ID: 0xa964 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\IntlProvider.dll.mui Handle ID: 0xa990 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\LogProvider.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\OfflineSetupProvider.dll.mui Handle ID: 0xa998 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\OSProvider.dll.mui Handle ID: 0xa964 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\ProvProvider.dll.mui Handle ID: 0xa998 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\SmiProvider.dll.mui Handle ID: 0xa990 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\UnattendProvider.dll.mui Handle ID: 0xa974 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\VhdProvider.dll.mui Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ru-RU\WimProvider.dll.mui Handle ID: 0xa990 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DriverStore\ru-RU\ntprint.inf_loc Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\ru-RU\F12Platform.dll.mui Handle ID: 0xa990 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\ru-RU\F12Platform2.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\ru-RU\F12Script.dll.mui Handle ID: 0xa9c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\ru-RU\IEChooser.exe.mui Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\ru-RU\SxsMigPlugin.dll.mui Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MUI\0419\mscorees.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru\AuthFWSnapIn.Resources.dll Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru\AuthFWWizFwk.Resources.dll Handle ID: 0xa964 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\adrclient.dll.mui Handle ID: 0xa958 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\audiodev.dll.mui Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\dfshim.dll.mui Handle ID: 0x5a88 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\iac25_32.ax.mui Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\iccvid.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\IEAdvpack.dll.mui Handle ID: 0xa8d4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\iexpress.exe.mui Handle ID: 0xa974 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\inseng.dll.mui Handle ID: 0xa93c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\ir32_32original.dll.mui Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\ir41_32original.dll.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\ir50_32original.dll.mui Handle ID: 0xa948 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\isoburn.exe.mui Handle ID: 0x6c70 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\ivfsrc.ax.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\joy.cpl.mui Handle ID: 0xa958 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\jscript9.dll.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\licmgr10.dll.mui Handle ID: 0xa948 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\MFC40.dll.mui Handle ID: 0x6c70 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\MFC40u.dll.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\mscpxl32.dll.mui Handle ID: 0xa98c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\msfeedsbs.dll.mui Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\mshta.exe.mui Handle ID: 0x6c70 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\mshtmler.dll.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\msjint40.dll.mui Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\msmpeg2enc.dll.mui Handle ID: 0x6c70 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\msorc32r.dll.mui Handle ID: 0xa480 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\mswstr10.dll.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\odbcconf.exe.mui Handle ID: 0x6d48 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\odbcji32.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\olecli32.dll.mui Handle ID: 0xa958 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\onexui.dll.mui Handle ID: 0x5a24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\p2pnetsh.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\perfhost.exe.mui Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\PhotoScreensaver.scr.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\PlayToStatusProvider.dll.mui Handle ID: 0xa928 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\PresentationHost.exe.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\rdvgogl32.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\rdvgumd32.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\setup16.exe.mui Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\slc.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\sppc.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\srm.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\srmshell.dll.mui Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\sxs.dll.mui Handle ID: 0x5a18 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\sxstrace.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\wextract.exe.mui Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\wiadss.dll.mui Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\XInput9_1_0.dll.mui Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\Licenses\_Default\Professional\license.rtf Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\Licenses\OEM\Professional\license.rtf Handle ID: 0x5a24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ru-RU\Licenses\Volume\Professional\license.rtf Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\SpeechUX\ru-RU Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\ru\Microsoft.AppV.AppVClientWmi.resources.dll Handle ID: 0xa9b4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\ru-RU\msfeedsbs.mfl Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ru\Microsoft.AppV.AppvClientComConsumer.resources.dll Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ru\Microsoft.AppV.AppVClientPowerShell.resources.dll Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ru-RU\AssignedAccessMsg.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ru-RU\BitLocker.psd1 Handle ID: 0x4ea8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ru\Microsoft.Dism.Powershell.Resources.dll Handle ID: 0x5a24 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ru-RU\ArchiveResources.psd1 Handle ID: 0x3bf0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:08 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ru-RU\Microsoft.PowerShell.ODataUtilsStrings.psd1 Handle ID: 0xa99c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ru\Microsoft.Dtc.PowerShell.Resources.dll Handle ID: 0xa960 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ru-RU\TestDtc.psd1 Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ru\Microsoft.Windows.Firewall.Commands.Resources.dll Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ru-RU\WindowsPackageCab.Strings.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ru-RU\ArchiveProvider.psd1 Handle ID: 0x1bfc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ru-RU\MSFT_EnvironmentResource.strings.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ru-RU\MSFT_GroupResource.strings.psd1 Handle ID: 0x6c7c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ru-RU\PackageProvider.psd1 Handle ID: 0xa8dc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ru-RU\MSFT_ProcessResource.strings.psd1 Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ru-RU\MSFT_RegistryResource.strings.psd1 Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ru-RU\MSFT_RoleResourceStrings.psd1 Handle ID: 0xa9e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ru-RU\MSFT_ScriptResourceStrings.psd1 Handle ID: 0x56a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ru-RU\MSFT_ServiceResource.strings.psd1 Handle ID: 0x56a4 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ru-RU\MSFT_UserResource.strings.psd1 Handle ID: 0x65e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ru-RU\MSFT_WindowsOptionalFeature.strings.psd1 Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ru-RU\RunAsHelper.strings.psd1 Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ru-RU\PSDesiredStateConfiguration.Resource.psd1 Handle ID: 0xb7c0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ru-RU\PSDSCxMachine.strings.psd1 Handle ID: 0xb784 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ru\powershell_ise.resources.dll Handle ID: 0xb760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ru-RU\pspluginwkr.dll.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:09 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XPSViewer\ru-RU\XPSViewer.exe.mui Handle ID: 0xb7b0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xa27c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xa824 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x9a3c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0xa824 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0xa26c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_fonts_0428e0346460ac4c.cdf-ms Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_nativeimages_ae465c5139d1dacc.cdf-ms Handle ID: 0xa9f0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v2.0.50727_443de60f3f6e0828.cdf-ms Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x9870 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x9898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_fonts_dc62106d96619a3c.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0x9898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_nativeimages_7f83bd6ed8241f3a.cdf-ms Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0x4490 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_windowsbase_v4.0_4.0.0.0_31bf3856ad364e35_5764ca98829cd598.cdf-ms Handle ID: 0x9a3c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationtypes_v4.0_4.0.0.0_31bf3856ad364e35_1f12bec8f88f4450.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationprovider_v4.0_4.0.0.0_31bf3856ad364e35_6bb637099f04ee2c.cdf-ms Handle ID: 0x5f28 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclientsideproviders_v4.0_4.0.0.0_31bf3856ad364e35_6944991d7b306f0d.cdf-ms Handle ID: 0xa27c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclient_v4.0_4.0.0.0_31bf3856ad364e35_35816ba0d06901c4.cdf-ms Handle ID: 0x8c30 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.xaml_v4.0_4.0.0.0_b77a5c561934e089_6747aba031bff5b1.cdf-ms Handle ID: 0x9870 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms.datavisualization_v4.0_4.0.0.0_31bf3856ad364_0478e70360a4d545.cdf-ms Handle ID: 0xa260 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms_v4.0_4.0.0.0_b77a5c561934e089_7780f78ea9286b2d.cdf-ms Handle ID: 0x5f28 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.controls.ribbon_v4.0_4.0.0.0_b77a5c561934e089_f0c023acb7bafe74.cdf-ms Handle ID: 0x8c3c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.extensions_v4.0_4.0.0.0_31bf3856ad364e35_472dc08bcbe9e0cb.cdf-ms Handle ID: 0xa260 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.applicationservices_v4.0_4.0.0.0_31bf3856ad364e35_68ccda43ca2f1ddf.cdf-ms Handle ID: 0x8c30 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.speech_v4.0_4.0.0.0_31bf3856ad364e35_cc6ea888502ba313.cdf-ms Handle ID: 0x9870 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.web_v4.0_4.0.0.0_31bf3856ad364e35_9664587824984869.cdf-ms Handle ID: 0x6bcc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.washosting_v4.0_4.0.0.0_b77a5c561934e089_fcc9ffe6a33d9e56.cdf-ms Handle ID: 0xa260 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.internals_v4.0_4.0.0.0_31bf3856ad364e35_648841c36e579803.cdf-ms Handle ID: 0x8898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.discovery_v4.0_4.0.0.0_31bf3856ad364e35_77886dd12f6a8907.cdf-ms Handle ID: 0x9a08 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.channels_v4.0_4.0.0.0_31bf3856ad364e35_3b879384d8488ea3.cdf-ms Handle ID: 0x9898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.activities_v4.0_4.0.0.0_31bf3856ad364e35_6a8dabdd0e877c8e.cdf-ms Handle ID: 0x8c3c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel_v4.0_4.0.0.0_b77a5c561934e089_b63f15dceb7fa3d7.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.security_v4.0_4.0.0.0_b03f5f7f11d50a3a_b1f6c453104409f9.cdf-ms Handle ID: 0x5f18 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.runtime.serialization_v4.0_4.0.0.0_b77a5c561934e089_f6fb5cdd6113e4c9.cdf-ms Handle ID: 0x8898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel.services_v4.0_4.0.0.0_b77a5c561934e089_9152e5e9cf585ca0.cdf-ms Handle ID: 0x8c30 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel_v4.0_4.0.0.0_b77a5c561934e089_b5d483bcf27e78c2.cdf-ms Handle ID: 0xa260 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.drawing.design_v4.0_4.0.0.0_b03f5f7f11d50a3a_251fc3e264cdd5af.cdf-ms Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.deployment_v4.0_4.0.0.0_b03f5f7f11d50a3a_e63bb68aefb0cd4a.cdf-ms Handle ID: 0x8898 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.core_v4.0_4.0.0.0_b77a5c561934e089_18d3047bb5729e36.cdf-ms Handle ID: 0x956c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.configuration_v4.0_4.0.0.0_b03f5f7f11d50a3a_d8a1d11d04cdf6db.cdf-ms Handle ID: 0x9870 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.activities_v4.0_4.0.0.0_31bf3856ad364e35_bdef15cb807505c8.cdf-ms Handle ID: 0x5f28 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system_v4.0_4.0.0.0_b77a5c561934e089_4348a29e5981af79.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_smdiagnostics_v4.0_4.0.0.0_b77a5c561934e089_8a46d250f4d4a9d0.cdf-ms Handle ID: 0x8c30 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework-systemdata_v4.0_4.0.0.0_b77a5c561934e089_89b90455552a8828.cdf-ms Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework_v4.0_4.0.0.0_31bf3856ad364e35_b57a3b1abb4f9cb2.cdf-ms Handle ID: 0x6528 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll Handle ID: 0xa260 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll Handle ID: 0x8c30 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll Handle ID: 0x22bc Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll Handle ID: 0x9a08 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:34 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Handle ID: 0x95ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2020-10-30 04:21:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:21:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:42 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:21:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:48 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1055210
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:48 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0xffc Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x1055210
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x5f80 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x9388 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x9268 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_macromed_flash_853cbcf10f17f618.cdf-ms Handle ID: 0x8920 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x9760 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_macromed_flash_5ff3bc7496f0271e.cdf-ms Handle ID: 0x9188 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\activex.vch Handle ID: 0x8920 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\Flash.ocx Handle ID: 0x89ac Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x7598 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x8920 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\activex.vch Handle ID: 0x6504 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx Handle ID: 0x7598 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x1e90 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:49 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x9268 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2020-10-30 04:21:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:21:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Users\Default\AppData\Local\Microsoft\WindowsApps Handle ID: 0x7c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\Boot Handle ID: 0x7c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\schemas\EAPHost Handle ID: 0x7d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\schemas\EAPMethods Handle ID: 0x7d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing Handle ID: 0x7d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\Packages Handle ID: 0x7d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\Sessions Handle ID: 0x7c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\servicing\SQM Handle ID: 0x7c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\Speech\Common Handle ID: 0x7d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\AdvancedInstallers Handle ID: 0x7d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:55 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\Boot Handle ID: 0x7d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:56 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\RasToast Handle ID: 0x7e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:56 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\Speech\Common Handle ID: 0x7e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:56 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\SysWOW64\AdvancedInstallers Handle ID: 0x7e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:56 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WaaS Handle ID: 0x7d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps Handle ID: 0x71c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\WindowsShell.Manifest Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nt-core-bootmanager_31bf3856ad364e35_10.0.19041.1_none_a1c3d9420e6939cc\BootDebuggerFiles.ini Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\boot.stl Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1_none_dc058eb644f1f90b\bfsvc.exe Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kdnet_uart16550.dll Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.19041.1_none_9358d67af855fc5a\kdstub.dll Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_10df.dll Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1137.dll Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1af4.dll Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_07_1415.dll Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_1969.dll Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_15b3.dll Handle ID: 0x7cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_19a2.dll Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\winsipolicy.p7b Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_0C_8086.dll Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1_none_250b9aff0f5d41ee\notepad.exe Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_29841988436f4072\memtest.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_46694069b3c83c61\bootmgr.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f172b704a150188c\bootmgfw.efi.mui Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_46694069b3c83c61\bootmgfw.efi.mui Handle ID: 0x7cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f172b704a150188c\bootmgr.efi.mui Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_da-dk_c6bdf9af39b53c71\memtest.efi.mui Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_da-dk_8eac972b9796148b\bootmgr.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c7_31bf3856ad364e35_10.0.19041.1_none_c219476991a48a52\drvmain.sdb Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_da-dk_8eac972b9796148b\bootmgfw.efi.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_c3e98eeb3b8b910b\memtest.efi.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_el-gr_6c7fbc7e2aa0f999\memtest.efi.mui Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_de-de_8bd82c67996c6925\bootmgfw.efi.mui Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_14e4.dll Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-gb_2d4047428d21c125\bootmgfw.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_de-de_8bd82c67996c6925\bootmgr.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_el-gr_346e59fa8881d1b3\bootmgfw.efi.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_el-gr_346e59fa8881d1b3\bootmgr.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\regedit.exe Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-gb_2d4047428d21c125\bootmgr.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cda64e42a699cd0\memtest.efi.mui Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-us_34c90260884a74ea\bootmgr.efi.mui Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_6ca5c1c82a908e75\memtest.efi.mui Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_8086.dll Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-es_34945f448871668f\bootmgfw.efi.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_en-us_34c90260884a74ea\bootmgfw.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-es_34945f448871668f\bootmgr.efi.mui Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_et-ee_2e542ad48c77431e\bootmgfw.efi.mui Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-mx_36cb4cea87054a3a\bootmgfw.efi.mui Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_0bc0c6751faa809f\memtest.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_es-mx_36cb4cea87054a3a\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_et-ee_2e542ad48c77431e\bootmgr.efi.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_d3af63f17d8b58b9\bootmgfw.efi.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_d3af63f17d8b58b9\bootmgr.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0f5d37c71d62a4d7\memtest.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ertransport-network_31bf3856ad364e35_10.0.19041.1_none_a8a8654729b55b6e\kd_02_10ec.dll Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_cfc21f8d801be317\bootmgfw.efi.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_cfc21f8d801be317\bootmgr.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_56cdb80f01c273f3\memtest.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d74bd5437b437cf1\bootmgfw.efi.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_1d882fc56065eaa5\bootmgfw.efi.mui Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_1d882fc56065eaa5\bootmgr.efi.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_1ebc558b5fa34c0d\bootmgfw.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_1ebc558b5fa34c0d\bootmgr.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_f9852e0df4948a55\memtest.efi.mui Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_it-it_c173cb8a5275626f\bootmgfw.efi.mui Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_it-it_c173cb8a5275626f\bootmgr.efi.mui Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9baaad1ae7af9c30\memtest.efi.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_63994a974590744a\bootmgfw.efi.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_63994a974590744a\bootmgr.efi.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d74bd5437b437cf1\bootmgr.efi.mui Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0703274c38013b60\bootmgfw.efi.mui Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0703274c38013b60\bootmgr.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_3f1489cfda206346\memtest.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_27a70b04b2458f02\memtest.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_aace534d2a2906fd\bootmgfw.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_25e65642b37198d7\memtest.efi.mui Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_aace534d2a2906fd\bootmgr.efi.mui Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_6c22b0c49894068b\memtest.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_ab9bc1d129a747ed\bootmgfw.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_ab9bc1d129a747ed\bootmgr.efi.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nb-no_ef95a8811026671c\bootmgfw.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nb-no_ef95a8811026671c\bootmgr.efi.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_edd4f3bf115270f1\bootmgfw.efi.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_edd4f3bf115270f1\bootmgr.efi.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_34114e40f674dea5\bootmgfw.efi.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_34114e40f674dea5\bootmgr.efi.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_6f586ad4968d0a4b\memtest.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-br_366538e4f4fe7289\bootmgfw.efi.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-br_6e769b68971d9a6f\memtest.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-br_366538e4f4fe7289\bootmgr.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_2b765c956db488cf\memtest.efi.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_37470850f46de265\bootmgfw.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_b5fb7c987b6e9877\memtest.efi.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_37470850f46de265\bootmgr.efi.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_7b81ce88dad4adc1\bootmgfw.efi.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_7b81ce88dad4adc1\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_7dea1a14d94f7091\bootmgfw.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_7dea1a14d94f7091\bootmgr.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_1d051ec1ce6962bb\bootmgfw.efi.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_sv-se_51f6670d7297a2d2\memtest.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_1d051ec1ce6962bb\bootmgr.efi.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sl-si_1c174079cf03759e\bootmgfw.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sl-si_1c174079cf03759e\bootmgr.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_fb03b1546153a4c3\memtest.efi.mui Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c247a8be44151ccf\bootmgfw.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sv-se_19e50489d0787aec\bootmgfw.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c247a8be44151ccf\bootmgr.efi.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_sv-se_19e50489d0787aec\bootmgr.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_c2f24ed0bf347cdd\bootmgfw.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_c2f24ed0bf347cdd\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5ed23177b665a329\bootmgfw.efi.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_cc60cf52118b76e2\memtest.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_d05d0ca80efc5352\memtest.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_944f6cce6f6c4efc\bootmgfw.efi.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_944f6cce6f6c4efc\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_984baa246cdd2b6c\bootmgfw.efi.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_984baa246cdd2b6c\bootmgr.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5ed23177b665a329\bootmgr.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segmono_boot.ttf Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\meiryon_boot.ttf Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\meiryo_boot.ttf Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\malgunn_boot.ttf Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\msjh_boot.ttf Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\malgun_boot.ttf Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootnxt Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\msyhn_boot.ttf Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\msjhn_boot.ttf Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\msyh_boot.ttf Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\wgl4_boot.ttf Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootuwf.dll Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segoen_slboot.ttf Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-eng-boot_31bf3856ad364e35_10.0.19041.1_none_fa8429484d90337d\segoe_slboot.ttf Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_33d8c3da77d0026d\memtest.exe.mui Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_da-dk_d112a4016e15fe6c\memtest.exe.mui Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootvhd.dll Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_ce3e393d6fec5306\memtest.exe.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_el-gr_76d466d05f01bb94\memtest.exe.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_772f0f365eca5ecb\memtest.exe.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootmgr Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_es-es_76fa6c1a5ef15070\memtest.exe.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_161570c7540b429a\memtest.exe.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_19b1e21951c366d2\memtest.exe.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..re-bootmanager-pcat_31bf3856ad364e35_10.0.19041.1_none_1cfc24839a30984f\bootspaces.dll Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_61226261362335ee\memtest.exe.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_03d9d86028f54c50\memtest.exe.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a5ff576d1c105e2b\memtest.exe.mui Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_496934220e812541\memtest.exe.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_31fbb556e6a650fd\memtest.exe.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_303b0094e7d25ad2\memtest.exe.mui Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_76775b16ccf4c886\memtest.exe.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-br_78cb45bacb7e5c6a\memtest.exe.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\abortpxe.com Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_79ad1526caedcc46\memtest.exe.mui Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_c05026eaafcf5a72\memtest.exe.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_sv-se_5c4b115fa6f864cd\memtest.exe.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_d6b579a445ec38dd\memtest.exe.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_dab1b6fa435d154d\memtest.exe.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_05585ba695b466be\memtest.exe.mui Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom1.com Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-pxe-base_31bf3856ad364e35_10.0.19041.1_none_d488a0911d97d7fa\WdsConfig.inf Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom1.n12 Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom2.com Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\hdlscom2.n12 Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_35cb06e7a2154aca\memtest.exe.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\pxeboot.com Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\pxeboot.n12 Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\wdsnbp.com Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_0bf05f43e2a51dff\wdsmgfw.efi.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_8e265beda3fae139\memtest.efi Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\bootmgr.efi Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_24889a0c5a8c93da\bootmgr.exe.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_cf9210a748147005\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_24889a0c5a8c93da\bootmgr.efi.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_cf9210a748147005\bootmgr.exe.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_da-dk_6ccbf0ce3e5a6c04\bootmgr.efi.mui Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_de-de_a655d4a6dac16e98\wdsmgfw.efi.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_da-dk_6ccbf0ce3e5a6c04\bootmgr.exe.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_de-de_69f7860a4030c09e\bootmgr.efi.mui Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ore-bootmanager-efi_31bf3856ad364e35_10.0.19041.1_none_3d71f65b3bbd6193\bootmgfw.efi Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-gb_0b5fa0e533e6189e\bootmgr.efi.mui Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_el-gr_128db39d2f46292c\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_el-gr_128db39d2f46292c\bootmgr.exe.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_4f46aa9fc99f7a5d\wdsmgfw.efi.mui Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-gb_0b5fa0e533e6189e\bootmgr.exe.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-us_12e85c032f0ecc63\bootmgr.exe.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_en-us_79543bbc0cf10fda\bootmgr.exe.mui Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_es-es_4f120783c9c66c02\wdsmgfw.efi.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_de-de_69f7860a4030c09e\bootmgr.exe.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_en-us_12e85c032f0ecc63\bootmgr.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-es_12b3b8e72f35be08\bootmgr.efi.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-es_12b3b8e72f35be08\bootmgr.exe.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_et-ee_0c738477333b9a97\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-mx_14eaa68d2dc9a1b3\bootmgr.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_es-mx_14eaa68d2dc9a1b3\bootmgr.exe.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_et-ee_0c738477333b9a97\bootmgr.exe.mui Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b1cebd94244fb032\bootmgr.efi.mui Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b1cebd94244fb032\bootmgr.exe.mui Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f1c97d82bc988264\wdsmgfw.efi.mui Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_3939fdcaa0f85180\wdsmgfw.efi.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_ade1793026e03a90\bootmgr.exe.mui Handle ID: 0x8bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b56b2ee62207d46a\bootmgr.efi.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b56b2ee62207d46a\bootmgr.exe.mui Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_fba78968072a421e\bootmgr.exe.mui Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_ade1793026e03a90\bootmgr.efi.mui Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_it-it_dbf173c993ca67e2\wdsmgfw.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_fcdbaf2e0667a386\bootmgr.exe.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_fba78968072a421e\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_41b8a439ec54cbc3\bootmgr.efi.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_41b8a439ec54cbc3\bootmgr.exe.mui Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_fcdbaf2e0667a386\bootmgr.efi.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f93252cf939b9e8\bootmgr.efi.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f93252cf939b9e8\bootmgr.exe.mui Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e52280eedec592d9\bootmgr.efi.mui Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7e16f2d686e579bd\wdsmgfw.efi.mui Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e52280eedec592d9\bootmgr.exe.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_2180cf8b795640d3\wdsmgfw.efi.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.19041.1_none_4725460d78ca7a0a\bootmgr.exe Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_08529bfe52a77664\wdsmgfw.efi.mui Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_88edacefd0ed5e76\bootmgr.efi.mui Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_88edacefd0ed5e76\bootmgr.exe.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_89bb1b73d06b9f66\bootmgr.efi.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_89bb1b73d06b9f66\bootmgr.exe.mui Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nb-no_cdb50223b6eabe95\bootmgr.efi.mui Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nb-no_cdb50223b6eabe95\bootmgr.exe.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cbf44d61b816c86a\bootmgr.efi.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_4e8ef68037c9e418\wdsmgfw.efi.mui Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cbf44d61b816c86a\bootmgr.exe.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pt-br_50e2e124365377fc\wdsmgfw.efi.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1230a7e39d39361e\bootmgr.efi.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1230a7e39d39361e\bootmgr.exe.mui Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_51c4b09035c2e7d8\wdsmgfw.efi.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-br_148492879bc2ca02\bootmgr.efi.mui Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-br_148492879bc2ca02\bootmgr.exe.mui Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_156661f39b3239de\bootmgr.efi.mui Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_156661f39b3239de\bootmgr.exe.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_9867c2541aa47604\wdsmgfw.efi.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_d18453b47259b862\bootmgr.efi.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps-ploc_d18453b47259b862\bootmgr.exe.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps..ocm_6be18169d83831ab\bootmgr.efi.mui Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_qps..ocm_6be18169d83831ab\bootmgr.exe.mui Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_59a1282b8199053a\bootmgr.exe.mui Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5c0973b78013c80a\bootmgr.exe.mui Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_fb247864752dba34\bootmgr.efi.mui Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_fb247864752dba34\bootmgr.exe.mui Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_59a1282b8199053a\bootmgr.efi.mui Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5c0973b78013c80a\bootmgr.efi.mui Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_sv-se_3462acc911cd805f\wdsmgfw.efi.mui Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sl-si_fa369a1c75c7cd17\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sl-si_fa369a1c75c7cd17\bootmgr.exe.mui Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a0670260ead97448\bootmgr.efi.mui Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a0670260ead97448\bootmgr.exe.mui Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_dd6ff71000898250\wdsmgfw.efi.mui Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sv-se_f8045e2c773cd265\bootmgr.efi.mui Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_sv-se_f8045e2c773cd265\bootmgr.exe.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a111a87365f8d456\bootmgr.efi.mui Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_aecd150db0c1546f\wdsmgfw.efi.mui Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a111a87365f8d456\bootmgr.exe.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-pxe-base.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_b2c95263ae3230df\wdsmgfw.efi.mui Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootres_31bf3856ad364e35_10.0.19041.1_none_f50dcea7214e5b1f\bootres.dll Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3cf18b1a5d29faa2\bootmgr.efi.mui Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\analyticsevents.dat Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_726ec6711630a675\bootmgr.efi.mui Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3cf18b1a5d29faa2\bootmgr.exe.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\RemoteAggregatorTriggerCriteria.dat Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\GetFileInfoActionAllowedList.dat Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_726ec6711630a675\bootmgr.exe.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_766b03c713a182e5\bootmgr.efi.mui Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_766b03c713a182e5\bootmgr.exe.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\GetFileActionAllowedList.dat Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.tracing.json Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\RunExeActionAllowedList.dat Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\telemetry.ASM-WindowsDefault.json Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.uif_ondemand.json Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.app.json Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fix.fon Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixe.fon Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixg.fon Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixr.fon Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\8514fixt.fon Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\utc.privacy.diffbase Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemg.fon Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oeme.fon Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemr.fon Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oem.fon Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\8514oemt.fon Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sys.fon Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.diag_ondemand.xml Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514syse.fon Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sysg.fon Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514syst.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\8514sysr.fon Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\85855.fon Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1255.fon Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\utc.allow.diffbase Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\85775.fon Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1257.fon Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1255.fon Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f874.fon Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\85f1256.fon Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1256.fon Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s1257.fon Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\85s874.fon Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app850.fon Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app852.fon Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app855.fon Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app857.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-jpn-boot_31bf3856ad364e35_10.0.19041.1_none_3f0d37efc90f3433\jpn_boot.ttf Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app866.fon Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app775.fon Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40737.fon Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40850.fon Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\c8514fix.fon Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\c8514oem.fon Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40852.fon Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40857.fon Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40866.fon Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\c8514sys.fon Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40869.fon Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80737.fon Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80850.fon Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga40woa.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80852.fon Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80857.fon Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80866.fon Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80869.fon Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\cga80woa.fon Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app932.fon Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app950.fon Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app949.fon Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\app936.fon Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\cvgafix.fon Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\cvgasys.fon Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-pxe-base_31bf3856ad364e35_10.0.19041.1_none_d488a0911d97d7fa\wdsmgfw.efi Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40869.fon Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40737.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40850.fon Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40852.fon Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dos737.fon Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dos869.fon Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\dosapp.fon Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40857.fon Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80737.fon Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80850.fon Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40866.fon Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega40woa.fon Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80852.fon Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80857.fon Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80866.fon Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80869.fon Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-terminal_31bf3856ad364e35_10.0.19041.1_none_ca60666860ba12d7\ega80woa.fon Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\hvgafix.fon Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\hvgasys.fon Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\h8514sys.fon Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\h8514fix.fon Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\jvgafix.fon Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\h8514oem.fon Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\j8514fix.fon Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\j8514sys.fon Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-shell-client_31bf3856ad364e35_10.0.19041.1_none_e760ef0fa6b01397\shellbrd.dll Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\j8514oem.fon Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\jvgasys.fon Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_10.0.19041.1_none_044604f09eae4abd\marlett.ttf Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\s8514fix.fon Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\s8514oem.fon Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\s8514sys.fon Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_10.0.19041.1_none_b537ffbd18185517\lucon.ttf Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..tings-windowsclient_31bf3856ad364e35_10.0.19041.1_none_303c934463211164\windows.uif_ondemand.xml Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolab.ttf Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consola.ttf Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-base-client_31bf3856ad364e35_10.0.19041.1_none_57c12d0ce48934e2\basebrd.dll Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolaz.ttf Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_10.0.19041.1_none_1fe0609844af8bce\consolai.ttf Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segmdl2.ttf Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguibl.ttf Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguibli.ttf Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuii.ttf Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-kor-boot_31bf3856ad364e35_10.0.19041.1_none_10b88dcf347e1295\kor_boot.ttf Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\svgafix.fon Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\svgasys.fon Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuiz.ttf Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguili.ttf Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga737.fon Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga775.fon Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga850.fon Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga852.fon Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga855.fon Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga857.fon Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguisbi.ttf Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga860.fon Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga861.fon Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga863.fon Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga865.fon Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga866.fon Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga869.fon Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga932.fon Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_10.0.19041.1_none_149fbfda868baffa\sylfaen.ttf Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga936.fon Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga949.fon Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vga950.fon Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1255.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1256.fon Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-microsoftsansserif_31bf3856ad364e35_10.0.19041.1_none_df0b1258e7682d8a\micross.ttf Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf1257.fon Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafix.fon Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgaf874.fon Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixe.fon Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixg.fon Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixr.fon Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-oem_31bf3856ad364e35_10.0.19041.1_none_b3552a6f4dc424b4\vgaoem.fon Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-fixed_31bf3856ad364e35_10.0.19041.1_none_3500efd1cdfd0fad\vgafixt.fon Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..i_italicssupplement_31bf3856ad364e35_10.0.19041.1_none_56130ec247ca84b6\seguisli.ttf Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1255.fon Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1256.fon Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas1257.fon Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasys.fon Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgas874.fon Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasyse.fon Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuisl.ttf Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasysg.fon Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuil.ttf Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasysr.fon Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-bitmap-system_31bf3856ad364e35_10.0.19041.1_none_3947da6a963cb0d8\vgasyst.fon Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\segoeuib.ttf Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-chs-boot_31bf3856ad364e35_10.0.19041.1_none_8ad4cb82aed2b7dd\chs_boot.ttf Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..core-fonts-cht-boot_31bf3856ad364e35_10.0.19041.1_none_7407304ac87a067c\cht_boot.ttf Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\apps.inf Handle ID: 0x92c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguisb.ttf Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltrdsh.inf Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\dwup.inf Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltwk.inf Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\defltbase.inf Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\dwup-noregkeys.inf Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguihis.ttf Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_10.0.19041.1_none_e5bd78301400fdf4\tahomabd.ttf Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_10.0.19041.1_none_e5bd78301400fdf4\tahoma.ttf Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-erratamanager_31bf3856ad364e35_10.0.19041.1_none_241785270b375893\errata.inf Handle ID: 0x97c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-registrysettings_31bf3856ad364e35_10.0.19041.1_none_4ba260bf507a307f\fontsetup.inf Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\puwk.inf Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\rdshup.inf Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ram-disk-driver_31bf3856ad364e35_10.0.19041.1_none_c051ee891e045c04\ramdisk.inf Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguiemj.ttf Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\secrecs.inf Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\sceregvl.inf Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lagcounterdef.h Handle ID: 0x978 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lagcounterdef.ini Handle ID: 0xa54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrnm.h Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\rasctrnm.h Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrs.ini Handle ID: 0xa68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_10.0.19041.1_en-us_761f89bd7d6d7bf2\rasctrs.ini Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\baseeapconnectionpropertiesv1.xsd Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\baseeapmethodconfig.xsd Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\baseeapmethodusercredentials.xsd Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\baseeapuserpropertiesv1.xsd Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapcommon.xsd Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\eapconnectionpropertiesv1.xsd Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\EapGenericUserCredentials.xsd Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eaphostconfig.xsd Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eaphostusercredentials.xsd Handle ID: 0x9b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ocol-legacy-schemas_31bf3856ad364e35_10.0.19041.1_none_6dff243ce8767893\eapuserpropertiesv1.xsd Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv2.xsd Handle ID: 0xa98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsuserpropertiesv1.xsd Handle ID: 0xa9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv3.xsd Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\eaptlsconnectionpropertiesv1.xsd Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mschapv2connectionpropertiesv1.xsd Handle ID: 0xaa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mschapv2userpropertiesv1.xsd Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv2.xsd Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv3.xsd Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapconnectionpropertiesv1.xsd Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapmethods_31bf3856ad364e35_10.0.19041.1_none_5c7cc1d3209be6cb\mspeapuserpropertiesv1.xsd Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wrp-integrity-api_31bf3856ad364e35_10.0.19041.1_none_bea9c86a7943c78b\wrpintapi.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack-msg_31bf3856ad364e35_10.0.19041.1_none_f4907776ca64ee01\CbsMsg.dll Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cbsapi_31bf3856ad364e35_10.0.19041.1_none_0452e0998fc47d6f\CbsApi.dll Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.1_none_46fe4107ec843c76\TrustedInstaller.exe Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:58 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_10.0.19041.1_none_86ad113cb19a34e3\seguisym.ttf Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_8b2066136dd02eb6\x86_installed Handle ID: 0xd2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\amd64_installed Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1_none_d24e62087d8454d4\@VpnToastIcon.png Handle ID: 0x9fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_13cec30c02f42f59\6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32res_31bf3856ad364e35_10.0.19041.1_none_a7eca47ac0021603\advapi32res.dll Handle ID: 0x9f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..es-interface-router_31bf3856ad364e35_10.0.19041.1_none_0de7142c1de6b3c2\activeds.tlb Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\ARP.EXE Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aero_31bf3856ad364e35_10.0.19041.1_none_61d41f0eb8c71cc4\aero.msstyles Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.19041.1_none_95adedd5fd07f242\advpack.dll Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_687f28352b92068b\attrib.exe Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\atmlib.dll Handle ID: 0xcfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-apisetschema-windows_31bf3856ad364e35_10.0.19041.1_none_e01d9d0bfa07ae7e\apisetschema.dll Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atl_31bf3856ad364e35_10.0.19041.1_none_61114d49f90ff362\atl.dll Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_10.0.19041.1_none_2cba77a9587eb117\asycfilt.dll Handle ID: 0xb18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..es-interface-router_31bf3856ad364e35_10.0.19041.1_none_0de7142c1de6b3c2\activeds.dll Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tingversion-default_31bf3856ad364e35_10.0.19041.1_none_56384c8ae847f6cc\SortDefault.nls Handle ID: 0xd3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_10.0.19041.1_none_152381bd05dadff7\adsldpc.dll Handle ID: 0xa08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basesrv_31bf3856ad364e35_10.0.19041.1_none_c2bbf8598318544b\basesrv.dll Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..-configuration-data_31bf3856ad364e35_10.0.19041.1_none_b85d7ef5bf4cc5c7\bcd.dll Handle ID: 0xa10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..tiondata-com-server_31bf3856ad364e35_10.0.19041.1_none_959469660419d0bf\bcdsrv.dll Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_10.0.19041.1_none_a47da0f08ec32f0a\bcrypt.dll Handle ID: 0xb64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-strings_31bf3856ad364e35_10.0.19041.1_none_ae731d30ac4be0f7\bootstr.dll Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..on-authui-component_31bf3856ad364e35_10.0.19041.1_none_92c85869af354084\authui.dll Handle ID: 0xb4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootvid_31bf3856ad364e35_10.0.19041.1_none_ee6a88fd2591e316\BOOTVID.DLL Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-bootsectortool_31bf3856ad364e35_10.0.19041.1_none_c27f721834e813f5\bootsect.exe Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..entication-usermode_31bf3856ad364e35_10.0.19041.1_none_f012d0b713b1f299\authz.dll Handle ID: 0xb80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_1746f218dd81ed09\bcdboot.exe Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_c2078a8db9a59aef\bootcfg.exe Handle ID: 0xb70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-browseui_31bf3856ad364e35_10.0.19041.1_none_e6d3ef3685b35397\browseui.dll Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_10.0.19041.1_none_e37e715d37185736\browcli.dll Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ence-inventory-core_31bf3856ad364e35_10.0.19041.1_none_14c4e11698bd57a7\aepic.dll Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-capisp-dll_31bf3856ad364e35_10.0.19041.1_none_87f94d6adca395fc\capisp.dll Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui_31bf3856ad364e35_10.0.19041.1_none_0afb6ba153044137\aclui.dll Handle ID: 0xa04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cabapi_31bf3856ad364e35_10.0.19041.1_none_139681c37af5e1d9\cabapi.dll Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_a611e291f8627f2d\cfmifs.dll Handle ID: 0xb78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cfmifs_31bf3856ad364e35_10.0.19041.1_none_a611e291f8627f2d\cfmifsproxy.dll Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\chcp.com Handle ID: 0xd50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cabinet_31bf3856ad364e35_10.0.19041.1_none_ed305ea081493ac1\cabinet.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_ceb3891c2721fc43\chkntfs.exe Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.19041.1_none_77d767642c0e040b\chkdsk.exe Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkwudrv_31bf3856ad364e35_10.0.19041.1_none_3d0cf44cd5467f9b\chkwudrv.dll Handle ID: 0xba0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32_31bf3856ad364e35_10.0.19041.1_none_99395f2e25df3f2b\advapi32.dll Handle ID: 0xbb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\clb.dll Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.19041.1_none_c82286e8b667d357\bcryptprimitives.dll Handle ID: 0xbb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-brokerbase_31bf3856ad364e35_10.0.19041.1_none_3969b2710b053055\BrokerLib.dll Handle ID: 0xa28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilitylibrariesext_31bf3856ad364e35_10.0.19041.1_none_26f4f0a946ac539a\cmdext.dll Handle ID: 0xd54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\cnvfat.dll Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-ole_31bf3856ad364e35_10.0.19041.1_none_ac20fe64570bc53f\comcat.dll Handle ID: 0xbd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_10.0.19041.1_none_cd1a3bc29e2594be\cmifw.dll Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\cdd.dll Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\cfgmgr32.dll Handle ID: 0xbd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_10.0.19041.1_none_e2a1e85b858f5f9e\comres.dll Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.19041.1_none_3e1c0a49448926c6\bcdedit.exe Handle ID: 0xd58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\adtschema.dll Handle ID: 0xbc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.19041.1_none_40fdd440b9ba0fea\cmd.exe Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\convert.exe Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.1_none_d3c96faebd0ccc7e\console.dll Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_10.0.19041.1_none_8d6ec2ffdc050ea1\certcli.dll Handle ID: 0xbc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.1_none_80ac2d61ac960bf3\CredentialUIBroker.exe Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.1_none_66b82f27f4cd177d\CredProv2faHelper.dll Handle ID: 0xbdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1_none_a353adcda7cf69e6\convertvhd.exe Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-consolehostv1_31bf3856ad364e35_10.0.19041.1_none_f49bb5365975ebb7\ConhostV1.dll Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-credui-onecore_31bf3856ad364e35_10.0.19041.1_none_3146ea64c3238619\credui.dll Handle ID: 0x8bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_97e4facd611ea96a\autochk.exe Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\BFE.DLL Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-coml2_31bf3856ad364e35_10.0.19041.1_none_d3ae61841d552f16\coml2.dll Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\autoconv.exe Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdlg-dll_31bf3856ad364e35_10.0.19041.1_none_d8796aa5b7739615\cryptdlg.dll Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptbase_31bf3856ad364e35_10.0.19041.1_none_1b56e2fc4d577db0\cryptbase.dll Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..iderslegacy-library_31bf3856ad364e35_10.0.19041.1_none_125e3189c56b833d\credprovslegacy.dll Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdll-dll_31bf3856ad364e35_10.0.19041.1_none_bb8f936a4d22f7a0\cryptdll.dll Handle ID: 0xbb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptext-dll_31bf3856ad364e35_10.0.19041.1_none_b583d03eb516a763\cryptext.dll Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptcatsvc-dll_31bf3856ad364e35_10.0.19041.1_none_65a0b6af927c65ce\cryptcatsvc.dll Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsp-dll_31bf3856ad364e35_10.0.19041.1_none_df4e7b90a62a08e3\cryptsp.dll Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1_none_3b45bfdcc65513d5\ConsoleLogon.dll Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.19041.1_none_0ed4f15b837334c7\csrss.exe Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.1_none_b9df7be4896b96e8\certca.dll Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_037.NLS Handle ID: 0xd68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrsrv_31bf3856ad364e35_10.0.19041.1_none_7f78448944bb2844\csrsrv.dll Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_10.0.19041.1_none_5668fec1a41d6ac1\ci.dll Handle ID: 0xd70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_10.0.19041.1_none_7e925158dcd948ee\CSystemEventsBrokerClient.dll Handle ID: 0xd74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10000.NLS Handle ID: 0xd78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptnet-dll_31bf3856ad364e35_10.0.19041.1_none_cd0a4e9d9b333fbf\cryptnet.dll Handle ID: 0xd7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_10.0.19041.1_none_2bf0a6e83a2cd464\cryptsvc.dll Handle ID: 0xbe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10004.NLS Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-credprovhost-library_31bf3856ad364e35_10.0.19041.1_none_696eaa2dcd7e92b6\credprovhost.dll Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.1_none_420c0d9efb7b6808\credprovs.dll Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10005.NLS Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10006.NLS Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10007.NLS Handle ID: 0x950 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptxml_31bf3856ad364e35_10.0.19041.1_none_04f27d56494ec1f6\cryptxml.dll Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10010.NLS Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10017.NLS Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10021.NLS Handle ID: 0xbf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10029.NLS Handle ID: 0xd80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10079.NLS Handle ID: 0xd84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10081.NLS Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10001.NLS Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10002.NLS Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.1_none_6ba21f2545051a20\comdlg32.dll Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1026.NLS Handle ID: 0x920 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10082.NLS Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1047.NLS Handle ID: 0xb90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1140.NLS Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1141.NLS Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1142.NLS Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1143.NLS Handle ID: 0x910 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1144.NLS Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1145.NLS Handle ID: 0xa30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1146.NLS Handle ID: 0xb98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10008.NLS Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1147.NLS Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1148.NLS Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_1149.NLS Handle ID: 0x808 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1250.NLS Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_10003.NLS Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1251.NLS Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1252.NLS Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1253.NLS Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1254.NLS Handle ID: 0xd8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1255.NLS Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1256.NLS Handle ID: 0xb50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1257.NLS Handle ID: 0x934 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1258.NLS Handle ID: 0xb8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1_none_238750f3c392980f\conhost.exe Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20105.NLS Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20106.NLS Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20107.NLS Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20127.NLS Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20269.NLS Handle ID: 0xd94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20000.NLS Handle ID: 0xb38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20108.NLS Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20002.NLS Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1_none_473895efd7bd22ae\clusapi.dll Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.1_none_643d9932f66c8c3f\CredProvDataModel.dll Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20273.NLS Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20001.NLS Handle ID: 0xc10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20277.NLS Handle ID: 0x958 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20261.NLS Handle ID: 0xa1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20278.NLS Handle ID: 0xa2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20003.NLS Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20280.NLS Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20284.NLS Handle ID: 0xc24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20004.NLS Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_1361.NLS Handle ID: 0xc18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20285.NLS Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20005.NLS Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20290.NLS Handle ID: 0xc40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20297.NLS Handle ID: 0xc38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20420.NLS Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20423.NLS Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_10.0.19041.1_none_3bdf68e23780d992\cryptui.dll Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20424.NLS Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20833.NLS Handle ID: 0xc4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20838.NLS Handle ID: 0xbec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20866.NLS Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20871.NLS Handle ID: 0xa48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20880.NLS Handle ID: 0xc50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20905.NLS Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_20924.NLS Handle ID: 0xa4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_21025.NLS Handle ID: 0x954 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_21027.NLS Handle ID: 0xc58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_21866.NLS Handle ID: 0xd9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28591.NLS Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28592.NLS Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28593.NLS Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28594.NLS Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28595.NLS Handle ID: 0xa44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28596.NLS Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28597.NLS Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28598.NLS Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28599.NLS Handle ID: 0xc28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\c_28603.nls Handle ID: 0xda4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_28605.NLS Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_437.NLS Handle ID: 0x964 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_500.NLS Handle ID: 0xa40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_708.NLS Handle ID: 0xc0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_720.NLS Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20932.NLS Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_737.NLS Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_775.NLS Handle ID: 0xda8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_850.NLS Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20936.NLS Handle ID: 0x92c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_852.NLS Handle ID: 0xc7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_855.NLS Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_857.NLS Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_858.NLS Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_860.NLS Handle ID: 0x7cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_861.NLS Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_862.NLS Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_863.NLS Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_864.NLS Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_865.NLS Handle ID: 0xdb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_866.NLS Handle ID: 0xdb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_869.NLS Handle ID: 0x978 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_870.NLS Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_874.NLS Handle ID: 0xdbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_875.NLS Handle ID: 0xdc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_20949.NLS Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\c_GSM7.DLL Handle ID: 0xa78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..codepage-additional_31bf3856ad364e35_10.0.19041.1_none_0b4e711bdf4c1580\C_ISCII.DLL Handle ID: 0x97c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_IS2022.DLL Handle ID: 0xdc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opactivitybrokerapi_31bf3856ad364e35_10.0.19041.1_none_3378fa68ed04027b\dabapi.dll Handle ID: 0x968 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_936.NLS Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webdavredir-helper_31bf3856ad364e35_10.0.19041.1_none_ea8fc0989dcc16c5\davhlpr.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_G18030.DLL Handle ID: 0x95c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_950.NLS Handle ID: 0x970 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_932.NLS Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-codepage-core_31bf3856ad364e35_10.0.19041.1_none_ecc5d2879c840ab0\C_949.NLS Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-desktopactivitybroker_31bf3856ad364e35_10.0.19041.1_none_8db60060e17b72c7\dab.dll Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\dciman32.dll Handle ID: 0x940 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragres.dll Handle ID: 0x820 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-debugcore_31bf3856ad364e35_10.0.19041.1_none_b2617c97eac94a9d\dbgcore.dll Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragproxy.dll Handle ID: 0xc84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\DeviceCensus.exe Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcpcmonitor_31bf3856ad364e35_10.0.19041.1_none_8bf062a40a113c29\dhcpcmonitor.dll Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dfsclient-netapi_31bf3856ad364e35_10.0.19041.1_none_168d48d3cfd5261b\dfscli.dll Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\devrtl.dll Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcsvc6.dll Handle ID: 0xcb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deviceupdateagent_31bf3856ad364e35_10.0.19041.1_none_0e74f8fe5c3e60f7\DeviceUpdateAgent.dll Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcsvc.dll Handle ID: 0xcb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.19041.1_none_f952033afd5152f9\devobj.dll Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\diagnosticdataquery.dll Handle ID: 0xb54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..authfactor-credprov_31bf3856ad364e35_10.0.19041.1_none_9e1ed363edf61543\devicengccredprov.dll Handle ID: 0xa84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcore6.dll Handle ID: 0xa54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.19041.1_none_1ec972de354a6d3f\diskpart.exe Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.19041.1_none_eadb9d8875f59863\dllhost.exe Handle ID: 0xca0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.19041.1_none_fa14fc3992df87f1\dllhst3g.exe Handle ID: 0xa90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcp-client-dll-minwin_31bf3856ad364e35_10.0.19041.1_none_22e5bf11f8683e9a\dhcpcore.dll Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client_31bf3856ad364e35_10.0.19041.1_none_97d38a6121b6e9e6\dnscacheugc.exe Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.19041.1_none_2dd56991b1dc1578\dpapi.dll Handle ID: 0xca8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.1_none_ce4f7609576a21a4\defragsvc.dll Handle ID: 0xdcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ervicing-management_31bf3856ad364e35_10.0.19041.1_none_149ab09bad09f1c1\Dism.exe Handle ID: 0xdd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskraid_31bf3856ad364e35_10.0.19041.1_none_1b7ab1943757b81e\diskraid.exe Handle ID: 0xdd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-difxapi_31bf3856ad364e35_10.0.19041.1_none_be34ab12358fa2d8\difxapi.dll Handle ID: 0xcac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.1_none_1160cf5f7d314d55\crypt32.dll Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.19041.1_none_33c3e07f6cce5a52\dpapimig.exe Handle ID: 0x9a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe-drvload_31bf3856ad364e35_10.0.19041.1_none_4209d7c08f4e598d\drvload.exe Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.19041.1_none_4c13d8f934672657\driverquery.exe Handle ID: 0xcbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-dsparse_31bf3856ad364e35_10.0.19041.1_none_0608d44b21a515d1\dsparse.dll Handle ID: 0xdd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dssetupcli_31bf3856ad364e35_10.0.19041.1_none_af2b2ecc57fe1a99\dsrole.dll Handle ID: 0xaa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_13cec30c02f42f59\drvsetup.dll Handle ID: 0xa68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directmanipulation_31bf3856ad364e35_10.0.19041.1_none_030d256540eba4b7\directmanipulation.dll Handle ID: 0xcd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapisrv-dll_31bf3856ad364e35_10.0.19041.1_none_c9a5571e5b3fffc7\dpapisrv.dll Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_f61301ca804606c1\DbgModel.dll Handle ID: 0xabc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devicecensus_31bf3856ad364e35_10.0.19041.1_none_65637d0d99e451f6\dcntel.dll Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.19041.1_none_4b7cc143c2832061\dnsrslvr.dll Handle ID: 0xa9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.19041.1_none_403af5649d7b9685\Eap3Host.exe Handle ID: 0xddc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-drvinst_31bf3856ad364e35_10.0.19041.1_none_0b4eeb140948562c\drvinst.exe Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-graphics-wdi_31bf3856ad364e35_10.0.19041.1_none_bee26a44319e1493\dxgwdi.dll Handle ID: 0xde0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_10.0.19041.1_none_f1e9c907244233d1\dssenh.dll Handle ID: 0xa80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opwindowmanager-api_31bf3856ad364e35_10.0.19041.1_none_95fff210df5ae16f\dwmapi.dll Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappgnui.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappprxy.dll Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eappcfg.dll Handle ID: 0xad0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.19041.1_none_4b7cc143c2832061\dnsapi.dll Handle ID: 0xde8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eappcfgui_31bf3856ad364e35_10.0.19041.1_none_444dbed03b2a15c1\eappcfgui.dll Handle ID: 0x9a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapp3hst.dll Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_10.0.19041.1_none_1fcfa3b2d46561c6\dpx.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.1_none_70e1de7eb854e747\eapprovp.dll Handle ID: 0xcd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..otocol-host-service_31bf3856ad364e35_10.0.19041.1_none_403af5649d7b9685\eapsvc.dll Handle ID: 0xad4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapprivateutil_31bf3856ad364e35_10.0.19041.1_none_ae1989077ff9e7e0\eapputil.dll Handle ID: 0xab4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_10.0.19041.1_none_1a0498b062c7aee6\eapphost.dll Handle ID: 0x9a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-duser_31bf3856ad364e35_10.0.19041.1_none_1065bbcc9bd80874\duser.dll Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-service_31bf3856ad364e35_10.0.19041.1_none_0c35d18ac419dd97\efssvc.dll Handle ID: 0xde4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap_31bf3856ad364e35_10.0.19041.1_none_d7a48831f8fa235d\EapTeapAuth.dll Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-util-library_31bf3856ad364e35_10.0.19041.1_none_fd0a6eeb422c1af6\efsutil.dll Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap_31bf3856ad364e35_10.0.19041.1_none_d7a48831f8fa235d\EapTeapConfig.dll Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-lsa-extension_31bf3856ad364e35_10.0.19041.1_none_7f2b71ce5454a4a2\efslsaext.dll Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vss-eventcls_31bf3856ad364e35_10.0.19041.1_none_985100fe9e8acd26\eventcls.dll Handle ID: 0xab8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..lestorageengine-vss_31bf3856ad364e35_10.0.19041.1_none_6e7b8e97f7444bd4\esevss.dll Handle ID: 0xad8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..humb-shift_keyboard_31bf3856ad364e35_10.0.19041.1_none_a3b278e42f5b405a\f3ahvoas.dll Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventaggregation_31bf3856ad364e35_10.0.19041.1_none_63a798d6bc80e6c3\EventAggregation.dll Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_0e6389fff73df783\expand.exe Handle ID: 0xacc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..sedwritefilter-util_31bf3856ad364e35_10.0.19041.1_none_e87e01a9005f1ae6\fbwflib.dll Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-etw-ese_31bf3856ad364e35_10.0.19041.1_none_854be02225b9bfa7\ETWESEProviderResources.dll Handle ID: 0xdec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..cing-management-api_31bf3856ad364e35_10.0.19041.1_none_5cb2e5e4fea9a8fe\DismApi.dll Handle ID: 0xdf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe Handle ID: 0x9cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\finger.exe Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\fixmapi.exe Handle ID: 0xc54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\edgeIso.dll Handle ID: 0xdf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltLib.dll Handle ID: 0xce0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-debughelp_31bf3856ad364e35_10.0.19041.1_none_ae3da599ed690c93\dbghelp.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..eatureconfiguration_31bf3856ad364e35_10.0.19041.1_none_0dd6db73600c7ea8\fcon.dll Handle ID: 0xae4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.19041.1_none_cf7ec085c4b5345c\fltMC.exe Handle ID: 0xae8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.19041.1_none_8f7cfa81649ea7a8\esentutl.exe Handle ID: 0x9b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-feclient_31bf3856ad364e35_10.0.19041.1_none_74cb1eaef6f25b5b\feclient.dll Handle ID: 0x9bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-drvstore_31bf3856ad364e35_10.0.19041.1_none_a6e562aee2e2b404\drvstore.dll Handle ID: 0xa6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fmifs_31bf3856ad364e35_10.0.19041.1_none_0cff7f08d0f4bc40\fmifs.dll Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-format_31bf3856ad364e35_10.0.19041.1_none_dc79f03629571954\format.com Handle ID: 0xdfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilitylibrariesext_31bf3856ad364e35_10.0.19041.1_none_26f4f0a946ac539a\fsutilext.dll Handle ID: 0xe00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\Faultrep.dll Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\combase.dll Handle ID: 0xdf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms_31bf3856ad364e35_10.0.19041.1_none_fdc3c32153adba41\fms.dll Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\fontsub.dll Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.19041.1_none_62dc6b73f7e78431\ftp.exe Handle ID: 0xe08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.19041.1_none_3eeeb9b5ca0761f9\fvecerts.dll Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.19041.1_none_825521fc8f4a22ac\fsutil.exe Handle ID: 0xe10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\FwRemoteSvr.dll Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\fwbase.dll Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\FirewallAPI.dll Handle ID: 0xafc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\fwpolicyiomgr.dll Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-gmsaclient-library_31bf3856ad364e35_10.0.19041.1_none_e1af1394fbed9887\gmsaclient.dll Handle ID: 0xb00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi32_31bf3856ad364e35_10.0.19041.1_none_0f6fb77fe8af11e6\gdi32.dll Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hal_31bf3856ad364e35_10.0.19041.1_none_611a0027f907bdd0\hal.dll Handle ID: 0xe20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.19041.1_none_de146f6286602c80\gpapi.dll Handle ID: 0xb20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_eacbb36c917c7f4d\fveapibase.dll Handle ID: 0xb1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\HOSTNAME.EXE Handle ID: 0xcec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hid-dll_31bf3856ad364e35_10.0.19041.1_none_7e9f4780b1a81d85\hid.dll Handle ID: 0xaf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hid-user_31bf3856ad364e35_10.0.19041.1_none_8c9d55f126cc2eb2\hidserv.dll Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http-api_31bf3856ad364e35_10.0.19041.1_none_ab9d4a833ca9604e\httpapi.dll Handle ID: 0x9dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.19041.1_none_e8a5ac944557b7d6\icacls.exe Handle ID: 0xe24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hyperv-hvsocketapi_31bf3856ad364e35_10.0.19041.1_none_d977aa97a88f54f6\HvSocket.dll Handle ID: 0xe28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_10.0.19041.1_none_a061f8693aabb18d\icmp.dll Handle ID: 0xc6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dui70_31bf3856ad364e35_10.0.19041.1_none_0da5bd549d784d72\dui70.dll Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-core-library_31bf3856ad364e35_10.0.19041.1_none_0c92f10936e8155b\efscore.dll Handle ID: 0xe2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-nlsdownleveldll_31bf3856ad364e35_10.0.19041.1_none_be9a10dff760abf5\idndl.dll Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\FWPUCLNT.DLL Handle ID: 0xcf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ifsutilx_31bf3856ad364e35_10.0.19041.1_none_293ad13c931df983\ifsutilx.dll Handle ID: 0x9d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-flighting-settings_31bf3856ad364e35_10.0.19041.1_none_3ec7617e8e74a51b\FlightSettings.dll Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_10.0.19041.1_none_80c0d7568c8c0652\ifmon.dll Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\icfupgd.dll Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\fontdrvhost.exe Handle ID: 0xe34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coreos_31bf3856ad364e35_10.0.19041.1_none_db4353caddaecdb2\imagehlp.dll Handle ID: 0xc70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_10.0.19041.1_none_9f87655b8f0ae013\ifsutil.dll Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_eacbb36c917c7f4d\fveapi.dll Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-legacyshim_31bf3856ad364e35_10.0.19041.1_none_e9ed9af439d88562\imapi.dll Handle ID: 0xd00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.19041.1_none_228591433b6cf074\InfDefaultInstall.exe Handle ID: 0xe38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imm32_31bf3856ad364e35_10.0.19041.1_none_12472b9a19c8837d\imm32.dll Handle ID: 0x9d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imagesp1-embedded_31bf3856ad364e35_10.0.19041.1_none_95bcfbbdb093b9a5\imagesp1.dll Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-snmp-inetmib1-raw-file_31bf3856ad364e35_10.0.19041.1_none_d88e1d2b76022297\inetmib1.dll Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.19041.1_none_022afe83b74c28cc\ipconfig.exe Handle ID: 0xd04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.1_none_0bdc80f3c6a07dbf\gdi32full.dll Handle ID: 0xb40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..-joinprovideronline_31bf3856ad364e35_10.0.19041.1_none_0c153bf6c1374321\joinproviderol.dll Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rm-libraries-minwin_31bf3856ad364e35_10.0.19041.1_none_55a3f83b105b09e4\IPHLPAPI.DLL Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..se_standard_101_key_31bf3856ad364e35_10.0.19041.1_none_bf5f54a6b766759a\kbd101.dll Handle ID: 0x9b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tprovision-joinutil_31bf3856ad364e35_10.0.19041.1_none_2b1450a61f89026d\joinutil.dll Handle ID: 0xb48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.19041.1_none_ebcb7bd9ac0a7638\jsproxy.dll Handle ID: 0xa5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101a_31bf3856ad364e35_10.0.19041.1_none_3bb7a99fb9fae71c\kbd101a.dll Handle ID: 0xb3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101b_31bf3856ad364e35_10.0.19041.1_none_3bb792d7b9fb00bd\kbd101b.dll Handle ID: 0xd10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..eyboard-korean_101c_31bf3856ad364e35_10.0.19041.1_none_3bb77c0fb9fb1a5e\kbd101c.dll Handle ID: 0x9e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..keyboard-korean_103_31bf3856ad364e35_10.0.19041.1_none_6d35f748424d3427\kbd103.dll Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_10.0.19041.1_none_92f877f6b2f8f621\kbd106.dll Handle ID: 0xe3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rd-japanese_106_key_31bf3856ad364e35_10.0.19041.1_none_92f877f6b2f8f621\kbd106n.dll Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000401_31bf3856ad364e35_10.0.19041.1_none_9d3331cf03954005\KBDA1.DLL Handle ID: 0xe40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020401_31bf3856ad364e35_10.0.19041.1_none_e36fb9e0e8b77a77\KBDA3.DLL Handle ID: 0xe44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010401_31bf3856ad364e35_10.0.19041.1_none_405175d7f6265d3e\KBDA2.DLL Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00140c00_31bf3856ad364e35_10.0.19041.1_none_129c2d22e79fa5fa\KBDADLM.DLL Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..sframework-inputdll_31bf3856ad364e35_10.0.19041.1_none_1288003764b2fafd\input.dll Handle ID: 0xaec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041c_31bf3856ad364e35_10.0.19041.1_none_b35f8202f5543c04\KBDAL.DLL Handle ID: 0xd14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042b_31bf3856ad364e35_10.0.19041.1_none_b2ede40cf59d511e\KBDARME.DLL Handle ID: 0xe4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002042b_31bf3856ad364e35_10.0.19041.1_none_f92a6c1edabf8b90\kbdarmph.dll Handle ID: 0xd2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite_31bf3856ad364e35_10.0.19041.1_none_888e7ca59ecc962f\DWrite.dll Handle ID: 0xd28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0003042b_31bf3856ad364e35_10.0.19041.1_none_9c48b027cd50a8c9\kbdarmty.dll Handle ID: 0x9fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042b_31bf3856ad364e35_10.0.19041.1_none_560c2815e82e6e57\KBDARMW.DLL Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..panese_ax2_keyboard_31bf3856ad364e35_10.0.19041.1_none_7298bbb46b5f72cd\kbdax2.dll Handle ID: 0xd1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_10.0.19041.1_none_b3636c62f550bb01\KBDAZE.DLL Handle ID: 0xd0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base_31bf3856ad364e35_10.0.19041.1_none_78fb7d69b1ff3ee7\imapi2.dll Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042c_31bf3856ad364e35_10.0.19041.1_none_567daf43e7e572de\KBDAZST.DLL Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042c_31bf3856ad364e35_10.0.19041.1_none_b35f6b3af55455a5\KBDAZEL.DLL Handle ID: 0x9f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046d_31bf3856ad364e35_10.0.19041.1_none_b3d09748f50bc0b0\KBDBASH.DLL Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbe_31bf3856ad364e35_10.0.19041.1_none_2ccd8031b8e94048\KBDBE.DLL Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001080c_31bf3856ad364e35_10.0.19041.1_none_5681ddfbe7e1a4f8\KBDBENE.DLL Handle ID: 0xe54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_10.0.19041.1_none_e3e1410ee86e7efe\KBDBGPH.DLL Handle ID: 0xb0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040402_31bf3856ad364e35_10.0.19041.1_none_2a1dc920cd90b970\KBDBGPH1.DLL Handle ID: 0xcf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000201a_31bf3856ad364e35_10.0.19041.1_none_b262d2a6f5fa057c\KBDBHC.DLL Handle ID: 0xcf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_10.0.19041.1_none_9e16129b03037c55\KBDBLR.DLL Handle ID: 0xb28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_10.0.19041.1_none_2c40f135b952ab85\KBDBR.DLL Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000402_31bf3856ad364e35_10.0.19041.1_none_9da4b8fd034c448c\KBDBU.DLL Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000b0c00_31bf3856ad364e35_10.0.19041.1_none_78da01f6640b9799\KBDBUG.DLL Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_10.0.19041.1_none_86ff8517daff9c37\KBDBULG.DLL Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00001009_31bf3856ad364e35_10.0.19041.1_none_a0b09a2b01591ad2\KBDCA.DLL Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00011009_31bf3856ad364e35_10.0.19041.1_none_43cede33f3ea380b\KBDCAN.DLL Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045c_31bf3856ad364e35_10.0.19041.1_none_b35f26e2f554a288\KBDCHER.DLL Handle ID: 0xa10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdcr_31bf3856ad364e35_10.0.19041.1_none_2cb27863b909b00c\KBDCR.DLL Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000405_31bf3856ad364e35_10.0.19041.1_none_9ef94e8702715221\KBDCZ.DLL Handle ID: 0xa08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010405_31bf3856ad364e35_10.0.19041.1_none_4217928ff5026f5a\KBDCZ1.DLL Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045c_31bf3856ad364e35_10.0.19041.1_none_567d6aebe7e5bfc1\KBDCHERP.DLL Handle ID: 0xd3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000406_31bf3856ad364e35_10.0.19041.1_none_9f6ad5b5022856a8\KBDDA.DLL Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020405_31bf3856ad364e35_10.0.19041.1_none_e535d698e7938c93\KBDCZ2.DLL Handle ID: 0xe64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000465_31bf3856ad364e35_10.0.19041.1_none_9ef8c5d70271ebe7\KBDDIV1.DLL Handle ID: 0xe68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_10.0.19041.1_none_421709dff5030920\KBDDIV2.DLL Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010409_31bf3856ad364e35_10.0.19041.1_none_43ddaf47f3de8176\KBDDV.DLL Handle ID: 0xe6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c51_31bf3856ad364e35_10.0.19041.1_none_9d61cd7d036b6723\KBDDZO.DLL Handle ID: 0xe70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001040a_31bf3856ad364e35_10.0.19041.1_none_559ace77e877368e\KBDES.DLL Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000429_31bf3856ad364e35_10.0.19041.1_none_a0bf3daf014d977f\KBDFA.DLL Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050429_31bf3856ad364e35_10.0.19041.1_none_d05691dbbe23299c\kbdfar.dll Handle ID: 0xe78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000425_31bf3856ad364e35_10.0.19041.1_none_9ef920f702718563\KBDEST.DLL Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c0c_31bf3856ad364e35_10.0.19041.1_none_b38ea660f529c95c\KBDFC.DLL Handle ID: 0xb80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040b_31bf3856ad364e35_10.0.19041.1_none_b2ee119cf59d1ddc\KBDFI.DLL Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-keyboard-kbdfi1_31bf3856ad364e35_10.0.19041.1_none_12c9086d6a5ba411\KBDFI1.DLL Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000438_31bf3856ad364e35_10.0.19041.1_none_a04d9fb90196ac99\KBDFO.DLL Handle ID: 0xe88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040c_31bf3856ad364e35_10.0.19041.1_none_b35f98caf5542263\KBDFR.DLL Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00120c00_31bf3856ad364e35_10.0.19041.1_none_cc5fa511027d6b88\KBDFTHRK.DLL Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00011809_31bf3856ad364e35_10.0.19041.1_none_43d6e083f3e302c3\KBDGAE.DLL Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000437_31bf3856ad364e35_10.0.19041.1_none_9fdc188b01dfa812\KBDGEO.DLL Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020437_31bf3856ad364e35_10.0.19041.1_none_e618a09ce701e284\kbdgeoer.dll Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030437_31bf3856ad364e35_10.0.19041.1_none_8936e4a5d992ffbd\kbdgeome.dll Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040437_31bf3856ad364e35_10.0.19041.1_none_2c5528aecc241cf6\kbdgeooa.dll Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050408_31bf3856ad364e35_10.0.19041.1_none_cfe5383dbe6bf1d3\KBDGKL.DLL Handle ID: 0xbb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000474_31bf3856ad364e35_10.0.19041.1_none_9e8727e102bb0101\KBDGN.DLL Handle ID: 0xa04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_10.0.19041.1_none_42fa5c93f470c54b\kbdgeoqw.dll Handle ID: 0xd54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000407_31bf3856ad364e35_10.0.19041.1_none_9fdc5ce301df5b2f\KBDGR.DLL Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010407_31bf3856ad364e35_10.0.19041.1_none_42faa0ebf4707868\KBDGR1.DLL Handle ID: 0xd50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000c0c00_31bf3856ad364e35_10.0.19041.1_none_1bf845ff569cb4d2\KBDGTHC.DLL Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046f_31bf3856ad364e35_10.0.19041.1_none_b4b3a5a4f479c9be\KBDGRLND.DLL Handle ID: 0xe90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000468_31bf3856ad364e35_10.0.19041.1_none_a04d5b610196f97c\KBDHAU.DLL Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000475_31bf3856ad364e35_10.0.19041.1_none_9ef8af0f02720588\KBDHAW.DLL Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000408_31bf3856ad364e35_10.0.19041.1_none_a04de41101965fb6\KBDHE.DLL Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_10.0.19041.1_none_436c2819f4277cef\KBDHE220.DLL Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020408_31bf3856ad364e35_10.0.19041.1_none_e68a6c22e6b89a28\KBDHE319.DLL Handle ID: 0xd58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040d_31bf3856ad364e35_10.0.19041.1_none_b3d11ff8f50b26ea\KBDHEB.DLL Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002040d_31bf3856ad364e35_10.0.19041.1_none_fa0da80ada2d615c\kbdhebl3.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030408_31bf3856ad364e35_10.0.19041.1_none_89a8b02bd949b761\KBDHELA2.DLL Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040408_31bf3856ad364e35_10.0.19041.1_none_2cc6f434cbdad49a\KBDHELA3.DLL Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\IPSECSVC.DLL Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00060408_31bf3856ad364e35_10.0.19041.1_none_73037c46b0fd0f0c\KBDHEPT.DLL Handle ID: 0xb78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001040e_31bf3856ad364e35_10.0.19041.1_none_5760eb2fe75348aa\KBDHU1.DLL Handle ID: 0x9ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..oard-japanese_ibm02_31bf3856ad364e35_10.0.19041.1_none_086c45ad298279ba\kbdibm02.dll Handle ID: 0xb04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000470_31bf3856ad364e35_10.0.19041.1_none_9cc10b2903deeee5\KBDIBO.DLL Handle ID: 0xbdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040e_31bf3856ad364e35_10.0.19041.1_none_b442a726f4c22b71\KBDHU.DLL Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_10.0.19041.1_none_b4b42e54f4792ff8\KBDIC.DLL Handle ID: 0xbd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044d_31bf3856ad364e35_10.0.19041.1_none_b3d0c4d8f50b8d6e\KBDINASA.DLL Handle ID: 0xa28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_10.0.19041.1_none_4217376ff502d5de\KBDINBE1.DLL Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020445_31bf3856ad364e35_10.0.19041.1_none_e5357b78e793f317\KBDINBE2.DLL Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000445_31bf3856ad364e35_10.0.19041.1_none_9ef8f3670271b8a5\KBDINBEN.DLL Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000439_31bf3856ad364e35_10.0.19041.1_none_a0bf26e7014db120\KBDINDEV.DLL Handle ID: 0xb70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00004009_31bf3856ad364e35_10.0.19041.1_none_a0902a6701716ea5\KBDINEN.DLL Handle ID: 0xbc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010439_31bf3856ad364e35_10.0.19041.1_none_43dd6aeff3dece59\KBDINHIN.DLL Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044b_31bf3856ad364e35_10.0.19041.1_none_b2edb67cf59d8460\KBDINKAN.DLL Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000447_31bf3856ad364e35_10.0.19041.1_none_9fdc01c301dfc1b3\KBDINGUJ.DLL Handle ID: 0xbc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044c_31bf3856ad364e35_10.0.19041.1_none_b35f3daaf55488e7\KBDINMAL.DLL Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_10.0.19041.1_none_b4424c06f4c291f5\KBDINMAR.DLL Handle ID: 0xe94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000448_31bf3856ad364e35_10.0.19041.1_none_a04d88f10196c63a\KBDINORI.DLL Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_10.0.19041.1_none_9f6a7a950228bd2c\KBDINPUN.DLL Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000449_31bf3856ad364e35_10.0.19041.1_none_a0bf101f014dcac1\KBDINTAM.DLL Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_10.0.19041.1_none_b27c2f4ef5e67fd9\KBDINTEL.DLL Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045d_31bf3856ad364e35_10.0.19041.1_none_56eef219e79cc448\KBDINUK2.DLL Handle ID: 0xd70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00001809_31bf3856ad364e35_10.0.19041.1_none_a0b89c7b0151e58a\KBDIR.DLL Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_10.0.19041.1_none_9cc193d903de551f\KBDIT.DLL Handle ID: 0xd68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010410_31bf3856ad364e35_10.0.19041.1_none_3fdfd7e1f66f7258\KBDIT142.DLL Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000085d_31bf3856ad364e35_10.0.19041.1_none_b3d4af38f5080c6b\KBDIULAT.DLL Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00110c00_31bf3856ad364e35_10.0.19041.1_none_294161080fec4e4f\KBDJAV.DLL Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043f_31bf3856ad364e35_10.0.19041.1_none_b4b3e9fcf4797cdb\KBDKAZ.DLL Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000453_31bf3856ad364e35_10.0.19041.1_none_9e15ce430303c938\KBDKHMR.DLL Handle ID: 0xbe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010453_31bf3856ad364e35_10.0.19041.1_none_4134124bf594e671\KBDKNI.DLL Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\IKEEXT.DLL Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000492_31bf3856ad364e35_10.0.19041.1_none_9da3ebf5034d2b35\KBDKURD.DLL Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000411_31bf3856ad364e35_10.0.19041.1_none_9d331b07039559a6\KBDJPN.DLL Handle ID: 0xbb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000440_31bf3856ad364e35_10.0.19041.1_none_9cc14f8103dea202\KBDKYR.DLL Handle ID: 0xe9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000080a_31bf3856ad364e35_10.0.19041.1_none_b2808b96f5e27eb1\KBDLA.DLL Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000412_31bf3856ad364e35_10.0.19041.1_none_9da4a235034c5e2d\KBDKOR.DLL Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_10.0.19041.1_none_9e87557102bacdbf\KBDLAO.DLL Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00070c00_31bf3856ad364e35_10.0.19041.1_none_12c49475a5abaf06\kbdlisub.dll Handle ID: 0x950 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00080c00_31bf3856ad364e35_10.0.19041.1_none_b5e2d87e983ccc3f\kbdlisus.dll Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000427_31bf3856ad364e35_10.0.19041.1_none_9fdc2f5301df8e71\KBDLT.DLL Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..panese_dec_lk411-aj_31bf3856ad364e35_10.0.19041.1_none_07b0f2db1add18c6\kbdlk41a.dll Handle ID: 0xd84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010427_31bf3856ad364e35_10.0.19041.1_none_42fa735bf470abaa\KBDLT1.DLL Handle ID: 0xd7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020427_31bf3856ad364e35_10.0.19041.1_none_e618b764e701c8e3\KBDLT2.DLL Handle ID: 0xba0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000426_31bf3856ad364e35_10.0.19041.1_none_9f6aa825022889ea\KBDLV.DLL Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010426_31bf3856ad364e35_10.0.19041.1_none_4288ec2df4b9a723\KBDLV1.DLL Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042f_31bf3856ad364e35_10.0.19041.1_none_b4b400c4f479633a\KBDMAC.DLL Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020426_31bf3856ad364e35_10.0.19041.1_none_e5a73036e74ac45c\KBDLVST.DLL Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042f_31bf3856ad364e35_10.0.19041.1_none_57d244cde70a8073\KBDMACST.DLL Handle ID: 0xd74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000481_31bf3856ad364e35_10.0.19041.1_none_9d327b8f03960d0d\KBDMAORI.DLL Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043a_31bf3856ad364e35_10.0.19041.1_none_b27c4616f5e66638\KBDMLT47.DLL Handle ID: 0x920 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001043a_31bf3856ad364e35_10.0.19041.1_none_559a8a1fe8778371\KBDMLT48.DLL Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000450_31bf3856ad364e35_10.0.19041.1_none_9cc138b903debba3\KBDMON.DLL Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000850_31bf3856ad364e35_10.0.19041.1_none_9cc539e103db20ff\KBDMONMO.DLL Handle ID: 0xb90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010850_31bf3856ad364e35_10.0.19041.1_none_3fe37de9f66c3e38\KBDMONST.DLL Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010c00_31bf3856ad364e35_10.0.19041.1_none_400efc3ff644ffb0\KBDMYAN.DLL Handle ID: 0x910 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000413_31bf3856ad364e35_10.0.19041.1_none_9e162963030362b4\KBDNE.DLL Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nese_nec98_usb_only_31bf3856ad364e35_10.0.19041.1_none_9132ab5759443e87\kbdnec.dll Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..-japanese_nec_win95_31bf3856ad364e35_10.0.19041.1_none_2e40a4b950cac90d\kbdnec95.dll Handle ID: 0xb98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000461_31bf3856ad364e35_10.0.19041.1_none_9d32a91f0395d9cb\KBDNEPR.DLL Handle ID: 0x808 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00090c00_31bf3856ad364e35_10.0.19041.1_none_59011c878acde978\kbdnko.dll Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ard-japanese_nec-at_31bf3856ad364e35_10.0.19041.1_none_fe6c4c99334ffebe\kbdnecat.dll Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..d-japanese_nec98-nt_31bf3856ad364e35_10.0.19041.1_none_f4128cf9684c5e2a\kbdnecnt.dll Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000414_31bf3856ad364e35_10.0.19041.1_none_9e87b09102ba673b\KBDNO.DLL Handle ID: 0xb18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000043b_31bf3856ad364e35_10.0.19041.1_none_b2edcd44f59d6abf\KBDNO1.DLL Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046c_31bf3856ad364e35_10.0.19041.1_none_b35f101af554bc29\KBDNSO.DLL Handle ID: 0xbb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020c00_31bf3856ad364e35_10.0.19041.1_none_e32d4048e8d61ce9\KBDNTL.DLL Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.19041.1_none_de146f6286602c80\gpsvc.dll Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000d0c00_31bf3856ad364e35_10.0.19041.1_none_bf168a08492dd20b\KBDOLCH.DLL Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000f0c00_31bf3856ad364e35_10.0.19041.1_none_0553121a2e500c7d\KBDOLDIT.DLL Handle ID: 0xcfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040c00_31bf3856ad364e35_10.0.19041.1_none_2969c85acdf8575b\KBDOGHAM.DLL Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00150c00_31bf3856ad364e35_10.0.19041.1_none_b5ba712bda30c333\KBDOSA.DLL Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000e0c00_31bf3856ad364e35_10.0.19041.1_none_6234ce113bbeef44\KBDOSM.DLL Handle ID: 0xb50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000463_31bf3856ad364e35_10.0.19041.1_none_9e15b77b0303e2d9\KBDPASH.DLL Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-000a0c00_31bf3856ad364e35_10.0.19041.1_none_d5bbbded717a7a60\kbdphags.dll Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010415_31bf3856ad364e35_10.0.19041.1_none_42177bc7f50288fb\KBDPL.DLL Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000415_31bf3856ad364e35_10.0.19041.1_none_9ef937bf02716bc2\KBDPL1.DLL Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000816_31bf3856ad364e35_10.0.19041.1_none_9f6ec0150224d5a5\KBDPO.DLL Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000418_31bf3856ad364e35_10.0.19041.1_none_a04dcd4901967957\KBDRO.DLL Handle ID: 0xb38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020418_31bf3856ad364e35_10.0.19041.1_none_e68a555ae6b8b3c9\KBDROPR.DLL Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000419_31bf3856ad364e35_10.0.19041.1_none_a0bf5477014d7dde\KBDRU.DLL Handle ID: 0xd94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010418_31bf3856ad364e35_10.0.19041.1_none_436c1151f4279690\KBDROST.DLL Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010419_31bf3856ad364e35_10.0.19041.1_none_43dd987ff3de9b17\KBDRU1.DLL Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdsf_31bf3856ad364e35_10.0.19041.1_none_344caa53b418a930\KBDSF.DLL Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020419_31bf3856ad364e35_10.0.19041.1_none_e6fbdc88e66fb850\KBDRUM.DLL Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000807_31bf3856ad364e35_10.0.19041.1_none_9fe05e0b01dbc08b\KBDSG.DLL Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041b_31bf3856ad364e35_10.0.19041.1_none_b2edfad4f59d377d\KBDSL.DLL Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041b_31bf3856ad364e35_10.0.19041.1_none_560c3edde82e54b6\KBDSL1.DLL Handle ID: 0x9f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002083b_31bf3856ad364e35_10.0.19041.1_none_f92e567edabc0a8d\KBDSMSFI.DLL Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045b_31bf3856ad364e35_10.0.19041.1_none_b2ed9fb4f59d9e01\KBDSN1.DLL Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001043b_31bf3856ad364e35_10.0.19041.1_none_560c114de82e87f8\KBDSMSNO.DLL Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00100c00_31bf3856ad364e35_10.0.19041.1_none_86231cff1d5b3116\KBDSORA.DLL Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001042e_31bf3856ad364e35_10.0.19041.1_none_5760bd9fe7537bec\KBDSOREX.DLL Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002042e_31bf3856ad364e35_10.0.19041.1_none_fa7f01a8d9e49925\KBDSORS1.DLL Handle ID: 0xbd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042e_31bf3856ad364e35_10.0.19041.1_none_b4427996f4c25eb3\KBDSORST.DLL Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040a_31bf3856ad364e35_10.0.19041.1_none_b27c8a6ef5e61955\KBDSP.DLL Handle ID: 0xb4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041d_31bf3856ad364e35_10.0.19041.1_none_b3d10930f50b408b\KBDSW.DLL Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045b_31bf3856ad364e35_10.0.19041.1_none_560be3bde82ebb3a\KBDSW09.DLL Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000045a_31bf3856ad364e35_10.0.19041.1_none_b27c1886f5e6997a\KBDSYR1.DLL Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001045a_31bf3856ad364e35_10.0.19041.1_none_559a5c8fe877b6b3\KBDSYR2.DLL Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030c00_31bf3856ad364e35_10.0.19041.1_none_864b8451db673a22\KBDTAILE.DLL Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000428_31bf3856ad364e35_10.0.19041.1_none_a04db681019692f8\KBDTAJIK.DLL Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020449_31bf3856ad364e35_10.0.19041.1_none_e6fb9830e6700533\KBDTAM99.DLL Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000444_31bf3856ad364e35_10.0.19041.1_none_9e876c3902bab41e\KBDTAT.DLL Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041e_31bf3856ad364e35_10.0.19041.1_none_b442905ef4c24512\KBDTH0.DLL Handle ID: 0xbec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041e_31bf3856ad364e35_10.0.19041.1_none_5760d467e753624b\KBDTH1.DLL Handle ID: 0xa30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0002041e_31bf3856ad364e35_10.0.19041.1_none_fa7f1870d9e47f84\KBDTH2.DLL Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0003041e_31bf3856ad364e35_10.0.19041.1_none_9d9d5c79cc759cbd\KBDTH3.DLL Handle ID: 0xc38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000105f_31bf3856ad364e35_10.0.19041.1_none_b4a4eb58f48566b2\KBDTIFI.DLL Handle ID: 0xc50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001105f_31bf3856ad364e35_10.0.19041.1_none_57c32f61e71683eb\KBDTIFI2.DLL Handle ID: 0xa48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000451_31bf3856ad364e35_10.0.19041.1_none_9d32bfe70395c02a\KBDTIPRC.DLL Handle ID: 0xd38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010451_31bf3856ad364e35_10.0.19041.1_none_405103eff626dd63\KBDTIPRD.DLL Handle ID: 0xa4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010444_31bf3856ad364e35_10.0.19041.1_none_41a5b041f54bd157\KBDTT102.DLL Handle ID: 0xc40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0001041f_31bf3856ad364e35_10.0.19041.1_none_57d25b95e70a66d2\KBDTUF.DLL Handle ID: 0x954 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041f_31bf3856ad364e35_10.0.19041.1_none_b4b4178cf4794999\KBDTUQ.DLL Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000442_31bf3856ad364e35_10.0.19041.1_none_9da45ddd034cab10\KBDTURME.DLL Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000085f_31bf3856ad364e35_10.0.19041.1_none_b4b7bd94f4761579\KBDTZM.DLL Handle ID: 0xc58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000480_31bf3856ad364e35_10.0.19041.1_none_9cc0f46103df0886\KBDUGHR.DLL Handle ID: 0xc18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010480_31bf3856ad364e35_10.0.19041.1_none_3fdf3869f67025bf\KBDUGHR1.DLL Handle ID: 0xa44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000809_31bf3856ad364e35_10.0.19041.1_none_a0c36c670149c999\KBDUK.DLL Handle ID: 0xc24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000422_31bf3856ad364e35_10.0.19041.1_none_9da48b6d034c77ce\KBDUR.DLL Handle ID: 0xb64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000452_31bf3856ad364e35_10.0.19041.1_none_9da44715034cc4b1\KBDUKX.DLL Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020422_31bf3856ad364e35_10.0.19041.1_none_e3e1137ee86eb240\KBDUR1.DLL Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000420_31bf3856ad364e35_10.0.19041.1_none_9cc17d1103de6ec0\KBDURDU.DLL Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdus_31bf3856ad364e35_10.0.19041.1_none_34a329b3b3f01d7b\KBDUS.DLL Handle ID: 0xc28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050409_31bf3856ad364e35_10.0.19041.1_none_d056bf6bbe22f65a\KBDUSA.DLL Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00030409_31bf3856ad364e35_10.0.19041.1_none_8a1a3759d900bbe8\KBDUSL.DLL Handle ID: 0xa2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00040409_31bf3856ad364e35_10.0.19041.1_none_2d387b62cb91d921\KBDUSR.DLL Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020409_31bf3856ad364e35_10.0.19041.1_none_e6fbf350e66f9eaf\KBDUSX.DLL Handle ID: 0xb08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000843_31bf3856ad364e35_10.0.19041.1_none_9e19e633030014f3\KBDUZB.DLL Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000042a_31bf3856ad364e35_10.0.19041.1_none_b27c5cdef5e64c97\KBDVNTC.DLL Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000488_31bf3856ad364e35_10.0.19041.1_none_a04d2dd101972cbe\KBDWOL.DLL Handle ID: 0xd78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000485_31bf3856ad364e35_10.0.19041.1_none_9ef8984702721f29\KBDYAK.DLL Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000046a_31bf3856ad364e35_10.0.19041.1_none_b27c01bef5e6b31b\KBDYBA.DLL Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000c1a_31bf3856ad364e35_10.0.19041.1_none_b2ab813cf5bbd9ef\KBDYCC.DLL Handle ID: 0xc0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000081a_31bf3856ad364e35_10.0.19041.1_none_b28074cef5e29852\KBDYCL.DLL Handle ID: 0xa40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-local_31bf3856ad364e35_10.0.19041.1_none_8f235c7e147ee665\kd.dll Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.gdiplus.systemcopy_31bf3856ad364e35_10.0.19041.1_none_9ccba408956b0a79\GdiPlus.dll Handle ID: 0x92c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_10.0.19041.1_none_c7a69aa24c087590\kdcom.dll Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_10.0.19041.1_none_536eb71ea9e4ee4e\kdusb.dll Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..2-filesystemsupport_31bf3856ad364e35_10.0.19041.1_none_37aa805b045f83ee\imapi2fs.dll Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kdscli-dll_31bf3856ad364e35_10.0.19041.1_none_f4cb1971d081d8b0\KdsCli.dll Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ggertransport-kdnet_31bf3856ad364e35_10.0.19041.1_none_9358d67af855fc5a\kdnet.dll Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel-appcore_31bf3856ad364e35_10.0.19041.1_none_8166005f4d2d63db\kernel.appcore.dll Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_10.0.19041.1_none_0cc85d8f7355a218\ktmw32.dll Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.19041.1_none_08b1f5ea8fb3c15e\lmhsvc.dll Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\kmddsp.tsp Handle ID: 0xa1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credential-manager_31bf3856ad364e35_10.0.19041.1_none_0787d10826b57780\KeyCredMgr.dll Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_10.0.19041.1_none_ee563fa044b1982d\linkinfo.dll Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.1_none_5fc425fbf9e3e3c7\lpk.dll Handle ID: 0xc7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\diagtrack.dll Handle ID: 0x7cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\KerbClientShared.dll Handle ID: 0xda8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ty-cng-keyisolation_31bf3856ad364e35_10.0.19041.1_none_7a2da9ef95775e3e\keyiso.dll Handle ID: 0xa78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\lodctr.exe Handle ID: 0xa7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lz32_31bf3856ad364e35_10.0.19041.1_none_48808abec8c68810\lz32.dll Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\loadperf.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..e-defaultcasingfile_31bf3856ad364e35_10.0.19041.1_none_2a00643c2ee8c04e\l_intl.nls Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-luainstaller_31bf3856ad364e35_10.0.19041.1_none_cea77efa07a8d777\luainstall.dll Handle ID: 0xc80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\lsass.exe Handle ID: 0xdc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..update-authenticamd_31bf3856ad364e35_10.0.19041.1_none_b394a541f0f74e29\mcupdate_AuthenticAMD.dll Handle ID: 0xc88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.19041.1_none_cffda9bf5435db63\mcbuilder.exe Handle ID: 0x958 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ity-netlogon-netapi_31bf3856ad364e35_10.0.19041.1_none_8926f863f55772dc\logoncli.dll Handle ID: 0x984 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\mapistub.dll Handle ID: 0x940 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.1_none_613e4ed2b91d35a0\mapi32.dll Handle ID: 0x95c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.1_none_2d5ce59ebb69983c\mf3216.dll Handle ID: 0xc10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ry-events-container_31bf3856ad364e35_10.0.19041.1_none_22ebbcab228602a4\microsoft-windows-battery-events.dll Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hal-events-container_31bf3856ad364e35_10.0.19041.1_none_dc3655c7fbc74cb6\microsoft-windows-hal-events.dll Handle ID: 0xcd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..np-events-container_31bf3856ad364e35_10.0.19041.1_none_9bb23eb22636b86f\microsoft-windows-kernel-pnp-events.dll Handle ID: 0x97c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_10.0.19041.1_none_a7d55464cb694584\esent.dll Handle ID: 0xc94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.19041.1_none_49aef2c4f5a90f29\kernel32.dll Handle ID: 0xcb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-pdc-events-container_31bf3856ad364e35_10.0.19041.1_none_7eaa31884cc78e84\microsoft-windows-pdc.dll Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..dy-events-container_31bf3856ad364e35_10.0.19041.1_none_631eb8f0ee70e58f\microsoft-windows-sleepstudy-events.dll Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ng-events-container_31bf3856ad364e35_10.0.19041.1_none_f76b1f55769df05d\microsoft-windows-storage-tiering-events.dll Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_10.0.19041.1_none_873aec9d858835ad\microsoft-windows-kernel-processor-power-events.dll Handle ID: 0xcb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..ncontroller-library_31bf3856ad364e35_10.0.19041.1_none_68c9f3cc78492112\LogonController.dll Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..er-events-container_31bf3856ad364e35_10.0.19041.1_none_81f50f6430eb73f8\microsoft-windows-kernel-power-events.dll Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_10.0.19041.1_none_9cc7eaaf502b1673\kerberos.dll Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_10.0.19041.1_none_72b119e551aad4bf\mcupdate_GenuineIntel.dll Handle ID: 0x964 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\mode.com Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.19041.1_none_684a86f0f0d0d27d\mountvol.exe Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-more_31bf3856ad364e35_10.0.19041.1_none_624b5deeb86c35b8\more.com Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_10.0.19041.1_none_20a93e5d48a3484c\locale.nls Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1_none_5b35da44a9e83608\lsm.dll Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr-extension_31bf3856ad364e35_10.0.19041.1_none_52b80f2a944ed98e\mprext.dll Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-legacy-afd_31bf3856ad364e35_10.0.19041.1_none_a17800e0534fdefb\msafd.dll Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\MRINFO.EXE Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msasn1_31bf3856ad364e35_10.0.19041.1_none_7d4b234e44bee9a6\msasn1.dll Handle ID: 0xdd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr_31bf3856ad364e35_10.0.19041.1_none_63c6d6f5f74ed81c\mpr.dll Handle ID: 0xdcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mscat32-dll_31bf3856ad364e35_10.0.19041.1_none_36d5217abee2f5a1\mscat32.dll Handle ID: 0xca8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprmsg_31bf3856ad364e35_10.0.19041.1_none_c97f01cdf2c089c3\mprmsg.dll Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\msaudite.dll Handle ID: 0xcac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-installer-liteconfig_31bf3856ad364e35_10.0.19041.1_none_397b5d762ff64ec6\msiltcfg.dll Handle ID: 0xdc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_10.0.19041.1_none_2d5ce59ebb69983c\msimg32.dll Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-mbr2gpt_31bf3856ad364e35_10.0.19041.1_none_aca2fbdd5d4a9b4b\MBR2GPT.EXE Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1_none_884589516eda6fc2\mskeyprotect.dll Handle ID: 0xa90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..em-events-container_31bf3856ad364e35_10.0.19041.1_none_5e488bfdad33bddc\microsoft-windows-system-events.dll Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprapi_31bf3856ad364e35_10.0.19041.1_none_c9fd926ff26221b4\mprapi.dll Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_10.0.19041.1_none_7d3387d217cafb37\msobjs.dll Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\mspatcha.dll Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msls31_31bf3856ad364e35_11.0.19041.1_none_b5e25c12acab223d\msls31.dll Handle ID: 0x978 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs_31bf3856ad364e35_10.0.19041.1_none_c209fe961ac36102\msprivs.dll Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\msdelta.dll Handle ID: 0xcbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\msIso.dll Handle ID: 0xdd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msports_31bf3856ad364e35_10.0.19041.1_none_430e27fc8ea24011\msports.dll Handle ID: 0xa80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssip32-dll_31bf3856ad364e35_10.0.19041.1_none_2c52442438dc16e5\mssip32.dll Handle ID: 0xdb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-deltacompressionengine_31bf3856ad364e35_10.0.19041.1_none_f61d759c251ca03d\mspatchc.dll Handle ID: 0xdb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\lsasrv.dll Handle ID: 0x970 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll_31bf3856ad364e35_10.0.19041.1_none_8024db0279cb1a30\mssign32.dll Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.1_none_318632b596bb9495\iertutil.dll Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcirt_31bf3856ad364e35_10.0.19041.1_none_16ae31663d668d51\msvcirt.dll Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.1_none_a905dbc4f4ec3f95\mfc42.dll Handle ID: 0x9a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3r.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\MPSSVC.dll Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1_none_3e5f09c63633f59a\msxml6r.dll Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..mplus-runtime-mtxdm_31bf3856ad364e35_10.0.19041.1_none_cde1256472ca12a8\mtxdm.dll Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_10.0.19041.1_none_32a3fa5701e84993\msv1_0.dll Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x_31bf3856ad364e35_10.0.19041.1_none_a905dbc4f4ec3f95\mfc42u.dll Handle ID: 0x9a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-registrysettings_31bf3856ad364e35_10.0.19041.1_none_4ba260bf507a307f\muifontsetup.dll Handle ID: 0xddc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.19041.1_none_a3a75889107393de\msvcp110_win.dll Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.19041.1_none_540191f5bdbc78d5\nbtstat.exe Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_10.0.19041.1_none_6e446489cca94509\mswsock.dll Handle ID: 0xa9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1_none_2bb4bd9d8e22a014\msctf.dll Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\ncpa.cpl Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcoinstaller_31bf3856ad364e35_10.0.19041.1_none_ad135b999c9056d4\nci.dll Handle ID: 0xad4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcp60_31bf3856ad364e35_10.0.19041.1_none_f892a21450bd091a\msvcp60.dll Handle ID: 0xcd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.19041.1_none_874643a43e43a428\msvcrt.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.1_none_760acfd88cf7390d\MuiUnattend.exe Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\ndadmin.exe Handle ID: 0x9cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucrt_31bf3856ad364e35_10.0.19041.1_none_61b242cab8dd7003\msvcp_win.dll Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbios-netapi_31bf3856ad364e35_10.0.19041.1_none_8e501828f05c3499\netbios.dll Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncryptsslp-dll_31bf3856ad364e35_10.0.19041.1_none_7262ec3c43ce9980\ncryptsslp.dll Handle ID: 0xdf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netapi32_31bf3856ad364e35_10.0.19041.1_none_43252896a0ed64ad\netapi32.dll Handle ID: 0xde4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_10.0.19041.1_none_13cf631590f9951e\ncrypt.dll Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.19041.1_none_1655d5e596a1ade0\netbtugc.exe Handle ID: 0xae4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_08235f0411d49656\neth.dll Handle ID: 0xab8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_08235f0411d49656\net.exe Handle ID: 0x9b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.19041.1_none_c61fe93bf0d70d90\netcfg.exe Handle ID: 0xdec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\netiougc.exe Handle ID: 0xa6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.1_none_261347e51dc74dc1\NetCfgNotifyObjectHost.exe Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basic-misc-tools_31bf3856ad364e35_10.0.19041.1_none_cd4dc4f45ec915f2\netmsg.dll Handle ID: 0xdfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_3ccd00f4f3f0b0c9\net1.exe Handle ID: 0xae8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetDriverInstall.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_10.0.19041.1_none_f405f4e7c4e54d09\netcfgx.dll Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..provision-framework_31bf3856ad364e35_10.0.19041.1_none_10c3a4066f0f6d99\netprovfw.dll Handle ID: 0xce0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netjoin_31bf3856ad364e35_10.0.19041.1_none_0d4b2cd40c249c64\netjoin.dll Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncryptprov-dll_31bf3856ad364e35_10.0.19041.1_none_d466de7d3371ee7b\ncryptprov.dll Handle ID: 0xc54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\netiohlp.dll Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetSetupApi.dll Handle ID: 0xafc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\NETSTAT.EXE Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netutils_31bf3856ad364e35_10.0.19041.1_none_e60a1b22e9766a75\netutils.dll Handle ID: 0xdf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.19041.1_none_159203c1973658cd\netsh.exe Handle ID: 0xb00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.exe Handle ID: 0xab4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1_none_bf0751ae6aaa2db0\ngclocal.dll Handle ID: 0xde8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\nlaapi.dll Handle ID: 0xad0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-setup_31bf3856ad364e35_10.0.19041.1_none_5dd26c4f87bf6b87\NetSetupSvc.dll Handle ID: 0x9bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-nlsdownleveldll_31bf3856ad364e35_10.0.19041.1_none_be9a10dff760abf5\Nlsdl.dll Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normaliz.dll Handle ID: 0x9d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.dll Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\ncsi.dll Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfc.nls Handle ID: 0xcdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normidna.nls Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfd.nls Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1_none_dcf385d753f19715\KernelBase.dll Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc_31bf3856ad364e35_10.0.19041.1_none_08b1f5ea8fb3c15e\nrpsrv.dll Handle ID: 0xb1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfkd.nls Handle ID: 0xce8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_abde0e386d4e6bad\normnfkc.nls Handle ID: 0xa88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.19041.1_none_261347e51dc74dc1\NetSetupShim.dll Handle ID: 0xe20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_f61301ca804606c1\dbgeng.dll Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsisvc.dll Handle ID: 0xcf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsi.dll Handle ID: 0x9d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\netshell.dll Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..atform-input-ninput_31bf3856ad364e35_10.0.19041.1_none_74ab4b3f5126f808\ninput.dll Handle ID: 0xe10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\NtlmShared.dll Handle ID: 0xacc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntlanman_31bf3856ad364e35_10.0.19041.1_none_e602234881fda6ca\ntlanman.dll Handle ID: 0xad8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_1d77034aaa47cbe0\nlasvc.dll Handle ID: 0xe24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_10.0.19041.1_none_b3a8c4c6d7576ed2\netlogon.dll Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.1_none_84ce53e99093d752\ntdsapi.dll Handle ID: 0x9dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_3c399a5aad834072\NetSetupEngine.dll Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntasn1-dll_31bf3856ad364e35_10.0.19041.1_none_7024fd8a6432413d\ntasn1.dll Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntmarta_31bf3856ad364e35_10.0.19041.1_none_31778f2b2eff24cd\ntmarta.dll Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1_none_a5f487c01cc9bd1f\ntprint.exe Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3.dll Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_10.0.19041.1_none_431c11f7f4924730\odbccp32.dll Handle ID: 0x9d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\offlinelsa.dll Handle ID: 0xd04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.1_none_2075cb51c1c141fe\oleacchooks.dll Handle ID: 0xe38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleaccrc_31bf3856ad364e35_10.0.19041.1_none_2f1afcd226c0a441\oleaccrc.dll Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..drivermanager-trace_31bf3856ad364e35_10.0.19041.1_none_356499fce0d78c44\odbctrac.dll Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_10.0.19041.1_none_c58c60d589c83177\odbcint.dll Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\offlinesam.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-core_tools_31bf3856ad364e35_10.0.19041.1_none_c1fb2da756eec2d8\osuninst.dll Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.19041.1_none_a5f487c01cc9bd1f\ntprint.dll Handle ID: 0xd00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.19041.1_none_745ae7f5de0c5438\pacjsworker.exe Handle ID: 0x9e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\PATHPING.EXE Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.19041.1_none_2311dc3012116c15\OpenWith.exe Handle ID: 0xe2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw-minwin_31bf3856ad364e35_10.0.19041.1_none_44cf9efdc8d655cc\pcwum.dll Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui_31bf3856ad364e35_10.0.19041.1_none_1200bbf49bbc4b88\ntshrui.dll Handle ID: 0xb20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfctrs.dll Handle ID: 0xe3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfdisk.dll Handle ID: 0xa68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfnet.dll Handle ID: 0xaa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfos.dll Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.1_none_2075cb51c1c141fe\oleacc.dll Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\PING.EXE Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_10.0.19041.1_none_e7644b46fc775913\perfproc.dll Handle ID: 0xc6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..allationgrouppolicy_31bf3856ad364e35_10.0.19041.1_none_2d90812cae0d32b2\pnppolicy.dll Handle ID: 0xe28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_10.0.19041.1_none_c623bfbd8956aa49\odbc32.dll Handle ID: 0xe44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpui_31bf3856ad364e35_10.0.19041.1_none_14c89eddcaa6f765\pnpui.dll Handle ID: 0x9fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpclean_31bf3856ad364e35_10.0.19041.1_none_57335aba20737dae\pnpclean.dll Handle ID: 0xa5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-winpe_31bf3856ad364e35_10.0.19041.1_none_9bfa2f37b63d1ea6\nshwfp.dll Handle ID: 0xb48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.19041.1_none_5c82be53abe61670\PnPUnattend.exe Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_a2c8d19f92a1cc22\PkgMgr.exe Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.19041.1_none_8ee60f0d56272cb2\prflbmsg.dll Handle ID: 0xd10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe Handle ID: 0xe40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.19041.1_none_bf4cc5bb201caae3\powercfg.exe Handle ID: 0xd0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecorecommonproxystub_31bf3856ad364e35_10.0.19041.1_none_ec940f9ab15de0f1\OneCoreCommonProxyStub.dll Handle ID: 0xd28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msftedit_31bf3856ad364e35_10.0.19041.1_none_8bc20689d68f136f\msftedit.dll Handle ID: 0xd1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profapi-onecore_31bf3856ad364e35_10.0.19041.1_none_bc0d9057164c1e84\profapi.dll Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace.dll Handle ID: 0xd2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_10.0.19041.1_none_590aabe49c35e5ec\powrprof.dll Handle ID: 0xb0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-basedependencies_31bf3856ad364e35_10.0.19041.1_none_b892ff47c82ceebb\psapi.dll Handle ID: 0xb3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasadhlp.dll Handle ID: 0xb40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.19041.1_none_b354d0155be50ce9\pnputil.exe Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\polstore.dll Handle ID: 0xe54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ole-automation_31bf3856ad364e35_10.0.19041.1_none_72f138119ad7b9a3\oleaut32.dll Handle ID: 0xd18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenvext_31bf3856ad364e35_10.0.19041.1_none_1f2f309a83ac8d50\profext.dll Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pshed_31bf3856ad364e35_10.0.19041.1_none_11e3f0d3cc72158f\PSHED.DLL Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.1_none_3e5f09c63633f59a\msxml6.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasautou.exe Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_10.0.19041.1_none_ca0f264315c5eebb\rasctrs.dll Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap_31bf3856ad364e35_10.0.19041.1_none_c8b0108916a9fd61\raschapext.dll Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\rasdiag.dll Handle ID: 0xa08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasauto.dll Handle ID: 0xe64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.1_none_70e1de7eb854e747\raschap.dll Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_bf506ecc66a800df\poqexec.exe Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-rasmobilitymanager_31bf3856ad364e35_10.0.19041.1_none_e215bd1181370d15\rasmbmgr.dll Handle ID: 0xce4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasman_31bf3856ad364e35_10.0.19041.1_none_2297579fef520c4f\rasman.dll Handle ID: 0x9b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_10.0.19041.1_none_620eb4df91aee6ff\ole32.dll Handle ID: 0xaf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.19041.1_none_1102b0871cbfcf0b\rdrleakdiag.exe Handle ID: 0xd3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_3c045b5253f885ed\recover.exe Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profsvc_31bf3856ad364e35_10.0.19041.1_none_b1a264f0d20a9224\profsvc.dll Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.19041.1_none_e7854180ca0cff60\reg.exe Handle ID: 0xe78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastapi_31bf3856ad364e35_10.0.19041.1_none_c4d537dd193a87bf\rastapi.dll Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.1_none_aa1fc2e87b362d12\regedt32.exe Handle ID: 0xe88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmontr_31bf3856ad364e35_10.0.19041.1_none_38817b2f02f70ba5\rasmontr.dll Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasppp-noneap_31bf3856ad364e35_10.0.19041.1_none_3417c64be08d70ab\rasppp.dll Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls_31bf3856ad364e35_10.0.19041.1_none_22563971ef8166c8\rastlsext.dll Handle ID: 0xb80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.19041.1_none_2e482ad4cee11ead\regsvr32.exe Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-riched32_31bf3856ad364e35_10.0.19041.1_none_52f1c15a21f92b4b\riched32.dll Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\ROUTE.EXE Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.19041.1_none_92265dee13580837\printui.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rvices-registryapis_31bf3856ad364e35_10.0.19041.1_none_5a433555c15933ce\regapi.dll Handle ID: 0xe70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-rastls_31bf3856ad364e35_10.0.19041.1_none_e42068617a44f942\rastls.dll Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-remote-extension_31bf3856ad364e35_10.0.19041.1_none_7f3bbe9e11693717\RpcRtRemote.dll Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_10.0.19041.1_none_00838c0981f40351\RpcEpMap.dll Handle ID: 0xd54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_10.0.19041.1_none_23044991eefe742c\rasdlg.dll Handle ID: 0xd50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.19041.1_none_7cf83d048bc1c334\Robocopy.exe Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasrtutils_31bf3856ad364e35_10.0.19041.1_none_c306a19489d81618\rtutils.dll Handle ID: 0xb28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacsess.exe Handle ID: 0xe6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.19041.1_none_8df65f134a48195f\rundll32.exe Handle ID: 0xcf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacsvr.dll Handle ID: 0xcf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\runexehelper.exe Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntdll_31bf3856ad364e35_10.0.19041.1_none_0ec7ebc59b8b3291\ntdll.dll Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..services-sam-netapi_31bf3856ad364e35_10.0.19041.1_none_3cb34e0d65889b5d\samcli.dll Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rsaenh-dll_31bf3856ad364e35_10.0.19041.1_none_15b81d4b50a1ff4f\rsaenh.dll Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-taskscheduler-netapi_31bf3856ad364e35_10.0.19041.1_none_bfb1cb1bd7650d41\schedcli.dll Handle ID: 0xe90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\samlib.dll Handle ID: 0xe68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-ras-base-vpn_31bf3856ad364e35_10.0.19041.1_none_d24e62087d8454d4\rasapi32.dll Handle ID: 0x9f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys_31bf3856ad364e35_7.0.19041.1_none_64de91323c1f66b7\propsys.dll Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_10.0.19041.1_none_78e285fc678d0c6a\sdhcinst.dll Handle ID: 0xa04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ider-interface-stub_31bf3856ad364e35_10.0.19041.1_none_521d1ee0ee1119c0\security.dll Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sens-client_31bf3856ad364e35_10.0.19041.1_none_b733bc4a5c7ec2a0\SensApi.dll Handle ID: 0xbd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-secur32_31bf3856ad364e35_10.0.19041.1_none_9f10aaef0b855f59\secur32.dll Handle ID: 0xb04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_10.0.19041.1_none_54aea3c5400609d4\rasmans.dll Handle ID: 0x9ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_winpe-smi-schema_31bf3856ad364e35_10.0.19041.1_none_3714029056abf671\schema.dat Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-riched32_31bf3856ad364e35_10.0.19041.1_none_52f1c15a21f92b4b\riched20.dll Handle ID: 0xbdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-events_31bf3856ad364e35_10.0.19041.1_none_0757c56fb730ee50\setupetw.dll Handle ID: 0xa98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1_none_473895efd7bd22ae\resutils.dll Handle ID: 0xe4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..onment-windows-base_31bf3856ad364e35_10.0.19041.1_none_1b06d4b9c9ff52aa\setbcdlocale.dll Handle ID: 0xb70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.1_none_5d26d0cffb8f2bf3\sfc.dll Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_10.0.19041.1_none_edfeefdf7878f58d\scecli.dll Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.19041.1_none_e12fdac08aa3b840\sfc.exe Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.1_none_5d26d0cffb8f2bf3\sfc_os.dll Handle ID: 0xa28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.19041.1_none_a0a8212dcec26473\refsutil.exe Handle ID: 0xb78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-schannel_31bf3856ad364e35_10.0.19041.1_none_d8075891f4a05d3c\schannel.dll Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_10.0.19041.1_none_6f15f13727f830cc\scesrv.dll Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.1_none_4c8dff3e4afd3865\slc.dll Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\smphost.dll Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-snmp-common-api_31bf3856ad364e35_10.0.19041.1_none_e90d02a70e50225c\snmpapi.dll Handle ID: 0xd70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-softpub-dll_31bf3856ad364e35_10.0.19041.1_none_998514c21e4acb23\softpub.dll Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sechost_31bf3856ad364e35_10.0.19041.1_none_3db3ea616c53bd3a\sechost.dll Handle ID: 0xd68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smss-minwin_31bf3856ad364e35_10.0.19041.1_none_3451e3c68828f3da\smss.exe Handle ID: 0xe94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_10.0.19041.1_none_afcabf88440c71c5\shlwapi.dll Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_67df66e1405214df\samsrv.dll Handle ID: 0xbc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shutdownux_31bf3856ad364e35_10.0.19041.1_none_92b981e540b9be1a\shutdownux.dll Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spfileq_31bf3856ad364e35_10.0.19041.1_none_2ad7e3b15f1bd143\spfileq.dll Handle ID: 0xd14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-apis_31bf3856ad364e35_10.0.19041.1_none_8618dfed22edf4fa\smbwmiv2.dll Handle ID: 0xaec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-installer_31bf3856ad364e35_10.0.19041.1_none_6cc7deb04799a6c2\sppinst.dll Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.1_none_1391a44117cab095\spinf.dll Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1_none_aee5f67c8a39040c\sscore.dll Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.19041.1_none_f509d2f29c00c5f0\services.exe Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-local_31bf3856ad364e35_10.0.19041.1_none_69ebac9ae471d5da\rpcrt4.dll Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\sspisrv.dll Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-netapi_31bf3856ad364e35_10.0.19041.1_none_f69780c0efe91236\srvcli.dll Handle ID: 0xe9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..ion-legacy-stdole32_31bf3856ad364e35_10.0.19041.1_none_97c1bccbb75667d4\stdole32.tlb Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-spp-client_31bf3856ad364e35_10.0.19041.1_none_4c8dff3e4afd3865\sppc.dll Handle ID: 0xbb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe Handle ID: 0xbe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_9ec7d0c7b852d04f\stdole2.tlb Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-swenumstreamci_31bf3856ad364e35_10.0.19041.1_none_75ea8c6db5441172\streamci.dll Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-svsvc_31bf3856ad364e35_10.0.19041.1_none_17a6e31f15350b24\svsvc.dll Handle ID: 0xcd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_a2c8d19f92a1cc22\SSShim.dll Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\sspicli.dll Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storprop_31bf3856ad364e35_10.0.19041.1_none_dc43c1fad0473bd8\Storprop.dll Handle ID: 0x950 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_10.0.19041.1_none_7c64ea87c09326a1\SHCore.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.19041.1_none_6bac6724a4ab4460\svchost.exe Handle ID: 0xbb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\sxshared.dll Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxssrv_31bf3856ad364e35_10.0.19041.1_none_1676e6f1569a7c76\sxssrv.dll Handle ID: 0xac0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\sxstrace.exe Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-syssetup_31bf3856ad364e35_10.0.19041.1_none_26c19951371451d5\syssetup.dll Handle ID: 0xd9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-sysntfy_31bf3856ad364e35_10.0.19041.1_none_0b6400a5af10cbc9\sysntfy.dll Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep_31bf3856ad364e35_10.0.19041.1_none_f7ae8900566fe5a3\sppnp.dll Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_10.0.19041.1_none_4fc2bd76874a036f\sstpsvc.dll Handle ID: 0x910 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver_31bf3856ad364e35_10.0.19041.1_none_aee5f67c8a39040c\srvsvc.dll Handle ID: 0xb90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\TCPSVCS.EXE Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_10.0.19041.1_none_1fbbe97fdd3d84b7\rpcss.dll Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysclass_31bf3856ad364e35_10.0.19041.1_none_4f197ecd58b86218\sysclass.dll Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-takeown_31bf3856ad364e35_10.0.19041.1_none_afdc734db4fba076\takeown.exe Handle ID: 0xd74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.1_none_83aef3bf11beb273\TimeBrokerClient.dll Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.19041.1_none_5f22b28b2f384ed0\TRACERT.EXE Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-tokenbinding_31bf3856ad364e35_10.0.19041.1_none_3310dd860975aa08\tokenbinding.dll Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\tree.com Handle ID: 0xa10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-legacytaskmanager_31bf3856ad364e35_10.0.19041.1_none_b9a47a3e029c0ac8\taskmgr.exe Handle ID: 0xbc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker_31bf3856ad364e35_10.0.19041.1_none_83aef3bf11beb273\TimeBrokerServer.dll Handle ID: 0xb18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tapi2xclient_31bf3856ad364e35_10.0.19041.1_none_7e6778bbdef42354\tapi32.dll Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.1_none_cb3863f9a8ef975e\tzres.dll Handle ID: 0x808 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tssessionux-library_31bf3856ad364e35_10.0.19041.1_none_309a69a65df171cb\TSSessionUX.dll Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\tcpipcfg.dll Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..stedsignal-credprov_31bf3856ad364e35_10.0.19041.1_none_845444c17a1aeb3b\TrustedSignalCredProv.dll Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_10.0.19041.1_none_dff07260dd9df225\uexfat.dll Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemeventsbroker_31bf3856ad364e35_10.0.19041.1_none_7e925158dcd948ee\SystemEventsBrokerServer.dll Handle ID: 0xbb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\swprv.dll Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\SmiEngine.dll Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_10.0.19041.1_none_0452fb18f9222ce6\ufat.dll Handle ID: 0xb50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc-dll_31bf3856ad364e35_10.0.19041.1_none_51cd9d3807c45a79\umpdc.dll Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls_31bf3856ad364e35_10.0.19041.1_none_d9072779f812c6f6\TtlsCfg.dll Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls_31bf3856ad364e35_10.0.19041.1_none_d9072779f812c6f6\TtlsAuth.dll Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.19041.1_none_adf98e02f565c8fe\unlodctr.exe Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-textshaping_31bf3856ad364e35_10.0.19041.1_none_db5d40e9f0d72582\TextShaping.dll Handle ID: 0xb38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-umpnpmgr_31bf3856ad364e35_10.0.19041.1_none_d2e1ddf9ec9ef42c\umpnpmgr.dll Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\ureg.dll Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\sxs.dll Handle ID: 0x920 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_10.0.19041.1_none_9f87655b8f0ae013\ulib.dll Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_10.0.19041.1_none_13fb948debd0d967\umpo.dll Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.19041.1_none_9219c799710d7e86\userinit.exe Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setup-unattend_31bf3856ad364e35_10.0.19041.1_none_4ba5f79215148956\unattend.dll Handle ID: 0x9a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinitext_31bf3856ad364e35_10.0.19041.1_none_70c90297a2e629f9\userinitext.dll Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-ext_31bf3856ad364e35_10.0.19041.1_none_31520445be6f2b5c\usermgrcli.dll Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenv_31bf3856ad364e35_10.0.19041.1_none_463177f6eaa0601d\userenv.dll Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.1_none_62eb8691f7d9e6a9\usp10.dll Handle ID: 0x9f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-utildll_31bf3856ad364e35_10.0.19041.1_none_c76ef769309c4dc2\utildll.dll Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.19041.1_none_55e3fd4ba64a2469\utcutil.dll Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxinit_31bf3856ad364e35_10.0.19041.1_none_1346fe218b9024fc\UXInit.dll Handle ID: 0xc4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_10.0.19041.1_none_a1b19e53fbe710d3\uudf.dll Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-component_31bf3856ad364e35_10.0.19041.1_none_1b2acc91da05ca90\UserMgrProxy.dll Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_10.0.19041.1_none_b4b4c550934ab15c\untfs.dll Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..tilityrefsv1library_31bf3856ad364e35_10.0.19041.1_none_c6027a04b7673956\uReFSv1.dll Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..mutilityrefslibrary_31bf3856ad364e35_10.0.19041.1_none_b1e9e2c3ee743677\uReFS.dll Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..tem-tracedatahelper_31bf3856ad364e35_10.0.19041.1_none_aafc5364aad00ff9\tdh.dll Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vdsldr.exe Handle ID: 0xd94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucrt_31bf3856ad364e35_10.0.19041.1_none_61b242cab8dd7003\ucrtbase.dll Handle ID: 0xb98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\ucrtbase.dll Handle ID: 0x8a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..virtualdiskprovider_31bf3856ad364e35_10.0.19041.1_none_b35f331385cac222\vdsvd.dll Handle ID: 0x818 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..rvice-basicprovider_31bf3856ad364e35_10.0.19041.1_none_d336c6d0134b4f8a\vdsbas.dll Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vdsutil.dll Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vds_ps.dll Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-version_31bf3856ad364e35_10.0.19041.1_none_caef5cb2f043426f\version.dll Handle ID: 0xc50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vhfapi_31bf3856ad364e35_10.0.19041.1_none_7fe9b9e50aa39619\VhfUm.dll Handle ID: 0xc38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1_none_a353adcda7cf69e6\virtdisk.dll Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-driververifier-tools_31bf3856ad364e35_10.0.19041.1_none_76edadec5ba257b3\verifier.exe Handle ID: 0xb4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-vpnikeapi_31bf3856ad364e35_10.0.19041.1_none_fbdcbee389599c98\vpnikeapi.dll Handle ID: 0xba0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.19041.1_none_705ce89b3c18ecc5\verifiergui.exe Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_10.0.19041.1_none_5bd5a857a5ed218d\uxtheme.dll Handle ID: 0xd7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_902ac89bbb265a11\vsstrace.dll Handle ID: 0xd84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..ice-dynamicprovider_31bf3856ad364e35_10.0.19041.1_none_13ea39be4ff60bb5\vdsdyn.dll Handle ID: 0xb8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssproxystub_31bf3856ad364e35_10.0.19041.1_none_e6ad2dddc94ee56d\vss_ps.dll Handle ID: 0xc58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.1_none_84ce53e99093d752\w32topl.dll Handle ID: 0xc24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-verifier_31bf3856ad364e35_10.0.19041.1_none_7ff642e6680af133\verifier.dll Handle ID: 0xb64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wallpaperhost_31bf3856ad364e35_10.0.19041.1_none_13f5052244ba101f\WallpaperHost.exe Handle ID: 0xa44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.19041.1_none_20dbe0239a0c22b4\vds.exe Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-protocol-component_31bf3856ad364e35_10.0.19041.1_none_976a18a40a1541a1\Websocket.dll Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_10.0.19041.1_none_f0be589b1c129a44\wdigest.dll Handle ID: 0xc18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pantherengine_31bf3856ad364e35_10.0.19041.1_none_64027d1445343e4f\wdscore.dll Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\werdiagcontroller.dll Handle ID: 0xc40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerEnc.dll Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.19041.1_none_832979c50cba05ad\user32.dll Handle ID: 0xa4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-service_31bf3856ad364e35_10.0.19041.1_none_41495716125a355a\usermgr.dll Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerFaultSecure.exe Handle ID: 0xc0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-time-service_31bf3856ad364e35_10.0.19041.1_none_3e9871330ca82baa\w32time.dll Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_10.0.19041.1_none_656368a8377f11e3\vpnike.dll Handle ID: 0xb08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\weretw.dll Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\wermgr.exe Handle ID: 0xd38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc_31bf3856ad364e35_10.0.19041.1_none_500548fc673a4414\wfapigp.dll Handle ID: 0xa48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\WimBootCompress.ini Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webio_31bf3856ad364e35_10.0.19041.1_none_12db47a17e10c0f7\webio.dll Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_10.0.19041.1_none_2fbd00e530432624\wersvc.dll Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_11.0.19041.1_none_9ec5a037e1014fa5\urlmon.dll Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1_none_76c543231c2d8e03\wevtutil.exe Handle ID: 0xd78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1_none_25f82a25dc26d7b4\WerFault.exe Handle ID: 0xbec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-api_31bf3856ad364e35_10.0.19041.1_none_62220fa004a7b8e2\wevtapi.dll Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..y-biometrics-client_31bf3856ad364e35_10.0.19041.1_none_6809ce232425e1f9\winbio.dll Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32u.dll Handle ID: 0xbd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.19041.1_none_d667bf99a541c264\wer.dll Handle ID: 0x934 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimserv.exe Handle ID: 0xd8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\setupapi.dll Handle ID: 0xd80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1_none_9f5ae62104c19365\winbrand.dll Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32k.sys Handle ID: 0xa2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wincredui_31bf3856ad364e35_10.0.19041.1_none_a6e5c22b9b05e853\wincredui.dll Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimgapi.dll Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webservices_31bf3856ad364e35_10.0.19041.1_none_c46d65bcce0fc64d\webservices.dll Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-system-remote_31bf3856ad364e35_10.0.19041.1_none_01fbef487c77f243\Windows.System.RemoteDesktop.dll Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..umaninterfacedevice_31bf3856ad364e35_10.0.19041.1_none_d661e88c4521c4bd\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imageres-embedded_31bf3856ad364e35_10.0.19041.1_none_df1a04943ffc8859\imageres.dll Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\wincorlib.dll Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fileexplorer-common_31bf3856ad364e35_10.0.19041.1_none_2342a6410b3d93e4\Windows.FileExplorer.Common.dll Handle ID: 0x984 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-windowsstorage-onecore_31bf3856ad364e35_10.0.19041.1_none_3d8fda155ea1164b\Windows.Storage.OneCore.dll Handle ID: 0xc88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..-ui-logon-proxystub_31bf3856ad364e35_10.0.19041.1_none_b21ae6ce61e4b93c\Windows.Internal.UI.Logon.ProxyStub.dll Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_902ac89bbb265a11\vssapi.dll Handle ID: 0xc80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1_none_2583f6d83be26175\winhttpcom.dll Handle ID: 0x968 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininitext_31bf3856ad364e35_10.0.19041.1_none_4e7fa6f201777f76\wininitext.dll Handle ID: 0x958 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.1_none_e2f5d71302a679c7\Windows.UI.CredDialogController.dll Handle ID: 0xa7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\winipsec.dll Handle ID: 0xbf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uiautomationcore_31bf3856ad364e35_10.0.19041.1_none_6609a122e1796b0b\UIAutomationCore.dll Handle ID: 0x97c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-ext_31bf3856ad364e35_10.0.19041.1_none_3990ef4a132546c8\winlogonext.dll Handle ID: 0xc28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-winmmbase_31bf3856ad364e35_10.0.19041.1_none_d23d391ffec1befe\winmm.dll Handle ID: 0xc94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_10.0.19041.1_none_20a93e5d48a3484c\winnlsres.dll Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\winnsi.dll Handle ID: 0x95c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe-background_31bf3856ad364e35_10.0.19041.1_none_32b01a295792e055\winpe.jpg Handle ID: 0x940 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_10.0.19041.1_none_6bd0c9bdf10da202\winmmbase.dll Handle ID: 0xa78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\winpeshl.exe Handle ID: 0xcb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.1_none_e6e3c652a3ae2d1d\wininit.exe Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_10.0.19041.1_none_ced587c718f6befa\WinSCard.dll Handle ID: 0xdc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog_31bf3856ad364e35_10.0.19041.1_none_92b5699db236b5ff\wevtsvc.dll Handle ID: 0xcb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.19041.1_none_745ae7f5de0c5438\winhttp.dll Handle ID: 0xcd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\winsockhc.dll Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.19041.1_none_25b40e9a744f0270\winlogon.exe Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1_none_9f5ae62104c19365\winsku.dll Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\windowsperformancerecordercontrol.dll Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrv_31bf3856ad364e35_10.0.19041.1_none_6c6fa4263bb2bc26\winsrv.dll Handle ID: 0x964 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrvext_31bf3856ad364e35_10.0.19041.1_none_7deda8bd79cb100b\winsrvext.dll Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winload.exe Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.19041.1_none_05dcb3de9b5c150b\winload.exe Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wintrust-dll_31bf3856ad364e35_10.0.19041.1_none_a59f4749396e6b7e\wintrust.dll Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_10.0.19041.1_none_92d0fce86b5e6c76\winsta.dll Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanutil_31bf3856ad364e35_10.0.19041.1_none_f108c0bead67c531\wlanutil.dll Handle ID: 0xdcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winresume.exe Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.19041.1_none_1f29a4ae2c282494\winresume.exe Handle ID: 0xcb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_10.0.19041.1_none_4c72c4fe407ba476\WindowsCodecs.dll Handle ID: 0xca8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ting-spooler-client_31bf3856ad364e35_10.0.19041.1_none_491f03a2b80b5701\winspool.drv Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmistub_31bf3856ad364e35_10.0.19041.1_none_53b3552e52e466fe\wmi.dll Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ationservice-netapi_31bf3856ad364e35_10.0.19041.1_none_2b6c643e548ec657\wkscli.dll Handle ID: 0xdc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-wmiclnt_31bf3856ad364e35_10.0.19041.1_none_abe6c2792f59f2e7\wmiclnt.dll Handle ID: 0xdd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ropertypageprovider_31bf3856ad364e35_10.0.19041.1_none_390208341c5e5ae6\wmiprop.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.1_none_e6e3c652a3ae2d1d\wmsgapi.dll Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wofutil_31bf3856ad364e35_10.0.19041.1_none_41180bf7abb4de2d\WofUtil.dll Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winload.efi Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ment-windows-minwin_31bf3856ad364e35_10.0.19041.1_none_05dcb3de9b5c150b\winload.efi Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.19041.1_none_1117c7b60c0466c3\winresume.efi Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_10.0.19041.1_none_1f29a4ae2c282494\winresume.efi Handle ID: 0xdbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\wowreg32.exe Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ci-wldp-dll_31bf3856ad364e35_10.0.19041.1_none_4af57b1829d0fc36\wldp.dll Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeutil.exe Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\wpr.config.xml Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeinit.exe Handle ID: 0xdd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\ws2help.dll Handle ID: 0xde0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-workstationservice_31bf3856ad364e35_10.0.19041.1_none_822b2571762f47ef\wkssvc.dll Handle ID: 0x978 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools_31bf3856ad364e35_10.0.19041.1_none_b0f0b064d63d511a\wpeutil.dll Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-winsock-provider_31bf3856ad364e35_10.0.19041.1_none_8d8c2e85b98ddf69\wshhyperv.dll Handle ID: 0xcbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_10.0.19041.1_none_ba760ff196b881e4\wshelper.dll Handle ID: 0x9a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ldap-client_31bf3856ad364e35_10.0.19041.1_none_a92d551af5c93a56\Wldap32.dll Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.1_none_81a41345d0e50bd5\wship6.dll Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.1_none_81a41345d0e50bd5\WSHTCPIP.DLL Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-legacy_31bf3856ad364e35_10.0.19041.1_none_9956442cb0e4454b\wsock32.dll Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..g-onesettingsclient_31bf3856ad364e35_10.0.19041.1_none_401c1484642ad7b2\wosc.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_10.0.19041.1_none_7d21f8e165b2c296\wtsapi32.dll Handle ID: 0x9a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-xcopy_31bf3856ad364e35_10.0.19041.1_none_18e6b82c93a9c5f6\xcopy.exe Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_841b2dcf703e01c1\comctl32.dll.mui Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_10.0.19041.1_none_72f39a6acb655331\wmicmiplugin.dll Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_819c34ef9c4b059f\cdosys.dll.mui Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32kbase_31bf3856ad364e35_10.0.19041.1_none_6467534c061ae30a\win32kbase.sys Handle ID: 0xddc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_23d6081ee1065300\fms.dll.mui Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_2a5b0f5860be5318\comctl32.dll.mui Handle ID: 0xcac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_a7940cd7ed29ac79\mlang.dll.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_18207bac374ef9df\wpr.exe Handle ID: 0xcd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_0c47983f4a48e577\comdlg32.dll.mui Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.19041.1_none_cc4e22eec8cdf1a0\winsqlite3.dll Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_ca15e9a7d186a457\fms.dll.mui Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_4dd3ee60dda9fdd0\mlang.dll.mui Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-xmllite_31bf3856ad364e35_10.0.19041.1_none_3f2c8c1642ac14b2\xmllite.dll Handle ID: 0xc10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_68735a12391b6597\msimsg.dll.mui Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_10.0.19041.1_none_a8a8be466db38c3f\ws2_32.dll Handle ID: 0xde4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_b28779c83ac936ce\comdlg32.dll.mui Handle ID: 0xab8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_0eb33b9b299bb6ee\msimsg.dll.mui Handle ID: 0x9b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_10.0.19041.1_none_5668fec1a41d6ac1\driver.stl Handle ID: 0xae4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..egrity-driverpolicy_31bf3856ad364e35_10.0.19041.1_none_6a270ae8836eb4ca\driversipolicy.p7b Handle ID: 0xdf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base_31bf3856ad364e35_10.0.19041.1_none_c3df43fac5e304be\WinTypes.dll Handle ID: 0xa90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_6ee4873e39e4503b\win32kfull.sys Handle ID: 0xae8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d56485f34e462f43\comctl32.dll.mui Handle ID: 0xea8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_751f6042bf0e8082\fms.dll.mui Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d9f8f0a4b1540e6d\msprivs.dll.mui Handle ID: 0xeac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_f8dd64fbcb31d9fb\mlang.dll.mui Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_d2e58d137a533321\cdosys.dll.mui Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_da-dk_729e661a448c2b42\comctl32.dll.mui Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_da-dk_12594069b5547c81\fms.dll.mui Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_5d90f063285112f9\comdlg32.dll.mui Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_da-dk_701f6d3a70992f20\cdosys.dll.mui Handle ID: 0xc54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_da-dk_7732d0cba79a0a6c\msprivs.dll.mui Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_cs-cz_b9bcb23617239319\msimsg.dll.mui Handle ID: 0xce0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_da-dk_96174522c177d5fa\mlang.dll.mui Handle ID: 0xeb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_de-de_6fc9fb5646627fdc\comctl32.dll.mui Handle ID: 0xeb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_da-dk_facad08a1e970ef8\comdlg32.dll.mui Handle ID: 0xeb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.1_none_22216f24538098e3\ntoskrnl.exe Handle ID: 0xebc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_de-de_0f84d5a5b72ad11b\fms.dll.mui Handle ID: 0x9d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_de-de_745e6607a9705f06\msprivs.dll.mui Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_de-de_6d4b0276726f83ba\cdosys.dll.mui Handle ID: 0xcdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_de-de_9342da5ec34e2a94\mlang.dll.mui Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-provisioningxml_31bf3856ad364e35_10.0.19041.1_none_bd9b9842d29858e9\wpx.dll Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_da-dk_56f6925d0d698f18\msimsg.dll.mui Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.ServiceRes.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Proxy.dll Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_de-de_f7f665c6206d6392\comdlg32.dll.mui Handle ID: 0xec0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_de-de_542227990f3fe3b2\msimsg.dll.mui Handle ID: 0xe20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.Packaging.dll Handle ID: 0xb1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Service.exe Handle ID: 0x970 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\KernelTraceControl.dll Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismHost.exe Handle ID: 0xa9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismCorePS.dll Handle ID: 0xda4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\FolderProvider.dll Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.1_none_e7333d2012d370d7\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x8bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismProv.dll Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\DismCore.dll Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\shell32.dll Handle ID: 0xab4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_e1253388ca1ca1af\LogProvider.dll Handle ID: 0xa40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\GenericProvider.dll Handle ID: 0xcfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\ImagingProvider.dll Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\OSProvider.dll Handle ID: 0xa88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\OfflineSetupProvider.dll Handle ID: 0xce8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\DmiProvider.dll Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\IntlProvider.dll Handle ID: 0xdb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-base-util-l1-1-0.dll Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_8deab740314165ae\api-ms-win-core-com-l1-1-0.dll Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-comm-l1-1-0.dll Handle ID: 0xe08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..-winproviders-winpe_31bf3856ad364e35_10.0.19041.1_none_d4a0bf5d69b223c4\PEProvider.dll Handle ID: 0x9dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-console-l1-1-0.dll Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-datetime-l1-1-0.dll Handle ID: 0xe24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-datetime-l1-1-1.dll Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-debug-l1-1-0.dll Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-debug-l1-1-1.dll Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-delayload-l1-1-0.dll Handle ID: 0x9e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-errorhandling-l1-1-0.dll Handle ID: 0xd00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-errorhandling-l1-1-1.dll Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-fibers-l1-1-0.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-fibers-l1-1-1.dll Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-2-0.dll Handle ID: 0xc70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-1-0.dll Handle ID: 0xb20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-file-l1-2-1.dll Handle ID: 0xe38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-file-l2-1-0.dll Handle ID: 0xaa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-file-l2-1-1.dll Handle ID: 0xd04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\UnattendProvider.dll Handle ID: 0x9bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-handle-l1-1-0.dll Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\SmiProvider.dll Handle ID: 0xe28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\FfuProvider.dll Handle ID: 0xabc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-heap-l1-1-0.dll Handle ID: 0x9d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-interlocked-l1-1-0.dll Handle ID: 0xe2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-io-l1-1-0.dll Handle ID: 0xe10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-io-l1-1-1.dll Handle ID: 0xb00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-kernel32-legacy-l1-1-1.dll Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-kernel32-legacy-l1-1-0.dll Handle ID: 0xdb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll Handle ID: 0xa80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll Handle ID: 0xdf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-libraryloader-l1-1-0.dll Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-libraryloader-l1-1-1.dll Handle ID: 0xc6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-localization-l1-2-1.dll Handle ID: 0xafc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-localization-l1-2-0.dll Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\API-MS-Win-core-localization-obsolete-l1-2-0.dll Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-0.dll Handle ID: 0xdf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-1.dll Handle ID: 0xea0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-memory-l1-1-2.dll Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-namedpipe-l1-1-0.dll Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-privateprofile-l1-1-0.dll Handle ID: 0xe54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-privateprofile-l1-1-1.dll Handle ID: 0xd1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processenvironment-l1-1-0.dll Handle ID: 0xad8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processenvironment-l1-2-0.dll Handle ID: 0xacc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-0.dll Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-1.dll Handle ID: 0xb40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-processthreads-l1-1-2.dll Handle ID: 0xcec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\CbsProvider.dll Handle ID: 0xd28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-processtopology-obsolete-l1-1-0.dll Handle ID: 0xd10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-profile-l1-1-0.dll Handle ID: 0xce4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-realtime-l1-1-0.dll Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-registry-l1-1-0.dll Handle ID: 0x9b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-registry-l2-1-0.dll Handle ID: 0xa08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-rtlsupport-l1-1-0.dll Handle ID: 0xb3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shutdown-l1-1-0.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-shlwapi-legacy-l1-1-0.dll Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-string-l1-1-0.dll Handle ID: 0xad0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-string-l2-1-0.dll Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-string-obsolete-l1-1-0.dll Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-stringansi-l1-1-0.dll Handle ID: 0xda8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-stringloader-l1-1-1.dll Handle ID: 0xed4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-synch-l1-2-0.dll Handle ID: 0xe88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-synch-l1-1-0.dll Handle ID: 0xed8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-1-0.dll Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-2-0.dll Handle ID: 0xe78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-sysinfo-l1-2-1.dll Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-l1-2-0.dll Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-legacy-l1-1-0.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-threadpool-private-l1-1-0.dll Handle ID: 0xaf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-timezone-l1-1-0.dll Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-util-l1-1-0.dll Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-url-l1-1-0.dll Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\api-ms-win-core-version-l1-1-0.dll Handle ID: 0xb48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-wow64-l1-1-0.dll Handle ID: 0x9fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-core-xstate-l1-1-0.dll Handle ID: 0xe6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-core-xstate-l2-1-0.dll Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-conio-l1-1-0.dll Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-environment-l1-1-0.dll Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-convert-l1-1-0.dll Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-heap-l1-1-0.dll Handle ID: 0xe64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-filesystem-l1-1-0.dll Handle ID: 0xedc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-locale-l1-1-0.dll Handle ID: 0xee0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-process-l1-1-0.dll Handle ID: 0xee4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-math-l1-1-0.dll Handle ID: 0xee8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-multibyte-l1-1-0.dll Handle ID: 0xeec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-runtime-l1-1-0.dll Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-stdio-l1-1-0.dll Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-time-l1-1-0.dll Handle ID: 0xef4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-utility-l1-1-0.dll Handle ID: 0x9ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-string-l1-1-0.dll Handle ID: 0xb80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-devices-config-L1-1-0.dll Handle ID: 0xb04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-devices-config-L1-1-1.dll Handle ID: 0xbd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-eventing-consumer-l1-1-0.dll Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\API-MS-Win-Eventing-Controller-L1-1-0.dll Handle ID: 0xe4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-Legacy-L1-1-0.dll Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Eventing-Provider-L1-1-0.dll Handle ID: 0x9f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-EventLog-Legacy-L1-1-0.dll Handle ID: 0xe68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Security-Lsalookup-L2-1-0.dll Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-security-cryptoapi-l1-1-0.dll Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-Security-Lsalookup-L2-1-1.dll Handle ID: 0xe90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-security-base-l1-1-0.dll Handle ID: 0xcf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\API-MS-Win-security-lsapolicy-l1-1-0.dll Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-crt-private-l1-1-0.dll Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\API-MS-Win-security-provider-L1-1-0.dll Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_27337cd97933b011\api-ms-win-security-sddl-l1-1-0.dll Handle ID: 0xe94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-core-l1-1-0.dll Handle ID: 0xd68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-core-l1-1-1.dll Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-management-l1-1-0.dll Handle ID: 0xcf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-management-l2-1-0.dll Handle ID: 0xaec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-private-l1-1-0.dll Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-private-l1-1-1.dll Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_7d55e8342077d456\api-ms-win-service-winsvc-l1-1-0.dll Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f70e304c2189961c\api-ms-win-shcore-stream-l1-1-0.dll Handle ID: 0xe00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\VhdProvider.dll Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\ProvProvider.dll Handle ID: 0xefc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_6d3ec71b4449a646\WimProvider.dll Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-acpiex_31bf3856ad364e35_10.0.19041.1_none_eabbb32778568ee1\acpiex.sys Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-agilevpn_31bf3856ad364e35_10.0.19041.1_none_656368a8377f11e3\agilevpn.sys Handle ID: 0xd50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_10.0.19041.1_none_da48dc66d436c4ea\asyncmac.sys Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-acx-classextension_31bf3856ad364e35_10.0.19041.1_none_603af04756940675\Acx01000.sys Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bowser_31bf3856ad364e35_10.0.19041.1_none_dc509a77c39e1813\bowser.sys Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdfs_31bf3856ad364e35_10.0.19041.1_none_5c58a092bc516f41\cdfs.sys Handle ID: 0xe70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cmi_31bf3856ad364e35_10.0.19041.1_none_5fbf57cbf9e86514\cmiv2.dll Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventaggregation_31bf3856ad364e35_10.0.19041.1_none_63a798d6bc80e6c3\CEA.sys Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_10.0.19041.1_none_8dd95015fdcaa5cb\afd.sys Handle ID: 0xd74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..m-initmachineconfig_31bf3856ad364e35_10.0.19041.1_none_8c7d59649b9010b9\cmimcext.sys Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.0.19041.1_none_ebcb7bd9ac0a7638\wininet.dll Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-console-driver_31bf3856ad364e35_10.0.19041.1_none_bda6d8de6d326289\condrv.sys Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crashdump_31bf3856ad364e35_10.0.19041.1_none_5b7e6b42b633893e\crashdmp.sys Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskdump_31bf3856ad364e35_10.0.19041.1_none_1caf439036a3b758\Diskdump.sys Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpusbstor_31bf3856ad364e35_10.0.19041.1_none_9739b5dd0fd1ea77\Dmpusbstor.sys Handle ID: 0xb90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpata_31bf3856ad364e35_10.0.19041.1_none_1f2f2b820d66819f\Dumpata.sys Handle ID: 0xb18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp-minwin_31bf3856ad364e35_10.0.19041.1_none_c4a2c41a8ca495de\Classpnp.sys Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commonlog_31bf3856ad364e35_10.0.19041.1_none_3473a830c6e98c70\clfs.sys Handle ID: 0x7cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_10.0.19041.1_none_3d8b3b6185796b59\dfsc.sys Handle ID: 0xd14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dumpstorport_31bf3856ad364e35_10.0.19041.1_none_ede32bc4ec2191f4\Dumpstorport.sys Handle ID: 0xf0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..tartup-filterdriver_31bf3856ad364e35_10.0.19041.1_none_1ad26604d92628d1\dumpfve.sys Handle ID: 0xf10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cng_31bf3856ad364e35_10.0.19041.1_none_5edc32a7fa7a75a7\cng.sys Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgmms1.sys Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filebasedwritefilter_31bf3856ad364e35_10.0.19041.1_none_7451610a8fd1f391\fbwf.sys Handle ID: 0xc7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-exfat_31bf3856ad364e35_10.0.19041.1_none_0b57ec97b88919cf\exfat.sys Handle ID: 0xa30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fileinfominifilter_31bf3856ad364e35_10.0.19041.1_none_8ca608a8d0ab598e\fileinfo.sys Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ependencyminifilter_31bf3856ad364e35_10.0.19041.1_none_e044076f26d88682\fsdepends.sys Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-coreos-minwin_31bf3856ad364e35_10.0.19041.1_none_0c74dc47cdc0c489\fs_rec.sys Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..-security-processor_31bf3856ad364e35_10.0.19041.1_none_753573cf4f16bfb8\ClipSp.sys Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:21:59 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fat_31bf3856ad364e35_10.0.19041.1_none_64a43903f6c1af5a\fastfat.sys Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgmms2.sys Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_10.0.19041.1_none_c6fa8075ca299800\fltMgr.sys Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_10.0.19041.1_none_b8115bbc4932577a\hwpolicy.sys Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..r-v-socket-provider_31bf3856ad364e35_10.0.19041.1_none_374e55df01fa604b\hvsocket.sys Handle ID: 0xc50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.1_none_8de99335568c2092\FWPKCLNT.SYS Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__mi..tartup-filterdriver_31bf3856ad364e35_10.0.19041.1_none_1ad26604d92628d1\fvevol.sys Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingthunk_31bf3856ad364e35_10.0.19041.1_none_e86a349cb6e47170\ksthunk.sys Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.19041.1_none_f35caf2131abed9a\ksecdd.sys Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_10.0.19041.1_none_5c3b9845fc28beb1\ksecpkg.sys Handle ID: 0xd80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h..changer-driverclass_31bf3856ad364e35_10.0.19041.1_none_7e96789e6617c214\mcd.sys Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..pointmanager-minwin_31bf3856ad364e35_10.0.19041.1_none_864c9e3e6c9f9e12\mountmgr.sys Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-drv_31bf3856ad364e35_10.0.19041.1_none_5863a83061dcb77c\mpsdrv.sys Handle ID: 0xb08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_10.0.19041.1_none_0d71cfdb3541a1c8\ks.sys Handle ID: 0x838 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mshidkmdf_31bf3856ad364e35_10.0.19041.1_none_f66d51e010863068\mshidkmdf.sys Handle ID: 0xa54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msfs_31bf3856ad364e35_10.0.19041.1_none_5c614dbebc49ed16\msfs.sys Handle ID: 0xa7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mspclock.sys Handle ID: 0xc18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreaming_31bf3856ad364e35_10.0.19041.1_none_0d71cfdb3541a1c8\mskssrv.sys Handle ID: 0x958 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mspqm.sys Handle ID: 0x968 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-gpio-class-extension_31bf3856ad364e35_10.0.19041.1_none_a1cbf947f3a46687\msgpioclx.sys Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_10.0.19041.1_none_40cc031f29236771\mrxsmb20.sys Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_10.0.19041.1_none_17e5c8a57a1936af\mstee.sys Handle ID: 0x940 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecore-winrt-storage_31bf3856ad364e35_10.0.19041.1_none_9a20dfaabca58b11\windows.storage.dll Handle ID: 0x95c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\ndistapi.sys Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup_31bf3856ad364e35_10.0.19041.1_none_62e356b1f7e14f33\mup.sys Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-virtualbus_31bf3856ad364e35_10.0.19041.1_none_1153eeecbb78ada1\NdisVirtualBus.sys Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndisuio_31bf3856ad364e35_10.0.19041.1_none_21e21547863ba45c\ndisuio.sys Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-kernel_31bf3856ad364e35_10.0.19041.1_none_74fd915921441a6a\msrpc.sys Handle ID: 0xdcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_10.0.19041.1_none_35827ab8f07af59e\mrxsmb.sys Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbios_31bf3856ad364e35_10.0.19041.1_none_0fd2c5ae0a7cd53b\netbios.sys Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\ndproxy.sys Handle ID: 0xdfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winquic_31bf3856ad364e35_10.0.19041.1_none_df0a4eeaa8c1710f\msquic.sys Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_10.0.19041.1_none_a9299e44f6a84ec9\ndiswan.sys Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_2853306366d1671d\nsiproxy.sys Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-null_31bf3856ad364e35_10.0.19041.1_none_5f56fb00ba5a9142\null.sys Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-npfs_31bf3856ad364e35_10.0.19041.1_none_5c629260bc48b98a\npfs.sys Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntosext_31bf3856ad364e35_10.0.19041.1_none_89e4438cceba3f44\ntosext.sys Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..wdf-class-extension_31bf3856ad364e35_10.0.19041.1_none_3ece2840a591ddbe\NetAdapterCx.sys Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http_31bf3856ad364e35_10.0.19041.1_none_62b209ccb8387393\http.sys Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt-minwin_31bf3856ad364e35_10.0.19041.1_none_a19d8ec5773d4c59\netbt.sys Handle ID: 0xa84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw_31bf3856ad364e35_10.0.19041.1_none_6602a3e1f5dded97\pcw.sys Handle ID: 0xa78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-portcfg_31bf3856ad364e35_10.0.19041.1_none_e08628635c2267bc\portcfg.sys Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-partitionmanager_31bf3856ad364e35_10.0.19041.1_none_978d210f59cd170e\partmgr.sys Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc-mw_31bf3856ad364e35_10.0.19041.1_none_d8c3201e0c8a5167\pdc.sys Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ram-disk-driver_31bf3856ad364e35_10.0.19041.1_none_c051ee891e045c04\ramdisk.sys Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.1_none_c5cb0c3a04b0a5de\rasacd.sys Handle ID: 0xcac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_10.0.19041.1_none_0c2491a439f55f8f\raspppoe.sys Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_10.0.19041.1_none_0c8c7a5954ab0dda\netio.sys Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rasl2tp_31bf3856ad364e35_10.0.19041.1_none_4fcd5a20874bd0c1\rasl2tp.sys Handle ID: 0x9a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-raspptp_31bf3856ad364e35_10.0.19041.1_none_4fe02c5c87346397\raspptp.sys Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ase-rassstp-coresys_31bf3856ad364e35_10.0.19041.1_none_315ffa5b81f6a9a8\rassstp.sys Handle ID: 0x934 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ymanagementservices_31bf3856ad364e35_10.0.19041.1_none_a965d346967271f3\sacdrv.sys Handle ID: 0xcd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s..se.scsi_port_driver_31bf3856ad364e35_10.0.19041.1_none_9b713b66c97c53c5\scsiport.sys Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sdport_31bf3856ad364e35_10.0.19041.1_none_dd5ddf055642a76f\sdport.sys Handle ID: 0xdf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-serial-classextension_31bf3856ad364e35_10.0.19041.1_none_ec05bfb3f8911367\SerCx.sys Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rdbss_31bf3856ad364e35_10.0.19041.1_none_0fc5e55000c6f60f\rdbss.sys Handle ID: 0xd9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sleepstudyhelper_31bf3856ad364e35_10.0.19041.1_none_2c3619f0539aa9d3\SleepStudyHelper.sys Handle ID: 0x9a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s...smart_card_library_31bf3856ad364e35_10.0.19041.1_none_aff4ba7b87150d94\smclib.sys Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.1_none_61b9a62282ea4bf7\dxgkrnl.sys Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..l-classextension-v2_31bf3856ad364e35_10.0.19041.1_none_f3d28f7109310cd8\SerCx2.sys Handle ID: 0xeb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spb-classextension_31bf3856ad364e35_10.0.19041.1_none_6fe049417df680da\SpbCx.sys Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.19041.1_none_0f468bb8c7699238\ndis.sys Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1_31bf3856ad364e35_10.0.19041.1_none_0815fcad3e97a0f7\refsv1.sys Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storage-qos-filter_31bf3856ad364e35_10.0.19041.1_none_ff9700c950ae3c03\storqosflt.sys Handle ID: 0x9d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_10.0.19041.1_none_b9c73bb7af849d32\srvnet.sys Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h..pedrive-driverclass_31bf3856ad364e35_10.0.19041.1_none_481addfb5cac00db\tape.sys Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-streamclass_31bf3856ad364e35_10.0.19041.1_none_1455a334d70035f7\stream.sys Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tdi-driver_31bf3856ad364e35_10.0.19041.1_none_1cdf560fd553ffa5\tdi.sys Handle ID: 0xac0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_10.0.19041.1_none_a02ed5cf7b732f32\tdx.sys Handle ID: 0xe20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tm_31bf3856ad364e35_10.0.19041.1_none_030656e323303a3e\tm.sys Handle ID: 0xad4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usb-ude-classextension_31bf3856ad364e35_10.0.19041.1_none_945b34440635663e\Udecx.sys Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ucx-classextension_31bf3856ad364e35_10.0.19041.1_none_7ad3e75c3ea3b541\Ucx01000.sys Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-v2_31bf3856ad364e35_10.0.19041.1_none_8fdda6f295d93a41\srv2.sys Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storport_31bf3856ad364e35_10.0.19041.1_none_dd6d5c2ccf8c6c4e\storport.sys Handle ID: 0xc84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-videoport_31bf3856ad364e35_10.0.19041.1_none_720b5996a3c20047\videoprt.sys Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-udfs_31bf3856ad364e35_10.0.19041.1_none_5c6aa5c6bc41375f\udfs.sys Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.19041.1_none_29421b2ffbc5ca5c\vmbkmcl.sys Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs_31bf3856ad364e35_10.0.19041.1_none_5c678e20bc4404fb\refs.sys Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-watchdog_31bf3856ad364e35_10.0.19041.1_none_1659f5c048d9982c\watchdog.sys Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-core_31bf3856ad364e35_10.0.19041.1_none_e7d7871a6376ff0e\wanarp.sys Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driververifier-xdv_31bf3856ad364e35_10.0.19041.1_none_0c9b9f6e3d7d334c\VerifierExt.sys Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs_31bf3856ad364e35_10.0.19041.1_none_5c623740bc49200e\ntfs.sys Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.19041.1_none_3eecafedb43c1031\wimmount.sys Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingkernel_31bf3856ad364e35_10.0.19041.1_none_04dc677714cccaca\werkernel.sys Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-hyper-v-winhv_31bf3856ad364e35_10.0.19041.1_none_93cc37f483916b61\winhv.sys Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_10.0.19041.1_none_2c4425bdbd499f65\WdfLdr.sys Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmilib_31bf3856ad364e35_10.0.19041.1_none_0f4607daa38a37c5\wmilib.sys Handle ID: 0xcdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimfsf_31bf3856ad364e35_10.0.19041.1_none_6c8d18be3b8fcba9\wimfsf.sys Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wpprecorder_31bf3856ad364e35_10.0.19041.1_none_cb2d33f4b1bd1134\WppRecorder.sys Handle ID: 0xd04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_10.0.19041.1_none_0577ae58672b2cbc\ws2ifsl.sys Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_10.0.19041.1_none_92f3cf8625865d67\volmgrx.sys Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-overlayfilter_31bf3856ad364e35_10.0.19041.1_none_a9a7a2a4e2fa918f\wof.sys Handle ID: 0xea0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-volsnap_31bf3856ad364e35_10.0.19041.1_none_151b030c40cdc642\volsnap.sys Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_10.0.19041.1_none_2c4425bdbd499f65\Wdf01000.sys Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_el-gr_186028e93577e86a\comctl32.dll.mui Handle ID: 0xb00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_el-gr_b81b0338a64039a9\fms.dll.mui Handle ID: 0xe94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_el-gr_3bd907f1b2639322\mlang.dll.mui Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_el-gr_15e130096184ec48\cdosys.dll.mui Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_el-gr_1cf4939a9885c794\msprivs.dll.mui Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_en-gb_113216313a17d7dc\comctl32.dll.mui Handle ID: 0xd3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_en-gb_b0ecf080aae0291b\fms.dll.mui Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_en-gb_34aaf539b7038294\mlang.dll.mui Handle ID: 0x8ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_el-gr_a08c93590f82cc20\comdlg32.dll.mui Handle ID: 0xbd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_en-us_18bad14f35408ba1\comctl32.dll.mui Handle ID: 0xb04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_el-gr_fcb8552bfe554c40\msimsg.dll.mui Handle ID: 0xcf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_en-gb_995e80a11422bb92\comdlg32.dll.mui Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_en-us_b875ab9ea608dce0\fms.dll.mui Handle ID: 0xd58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_en-us_163bd86f614d8f7f\cdosys.dll.mui Handle ID: 0xe00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d4f3c00984e6acb\msprivs.dll.mui Handle ID: 0xaec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_es-es_18862e3335677d46\comctl32.dll.mui Handle ID: 0xbe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_en-us_3c33b057b22c3659\mlang.dll.mui Handle ID: 0xad0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_en-gb_f58a427402f53bb2\msimsg.dll.mui Handle ID: 0xd28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_es-es_1d1a98e498755c70\msprivs.dll.mui Handle ID: 0xcec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_es-es_b8410882a62fce85\fms.dll.mui Handle ID: 0xd50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_es-es_3bff0d3bb25327fe\mlang.dll.mui Handle ID: 0x7e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_es-mx_1abd1bd933fb60f1\comctl32.dll.mui Handle ID: 0xbb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_en-us_a0e73bbf0f4b6f57\comdlg32.dll.mui Handle ID: 0xf00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_es-es_1607355361748124\cdosys.dll.mui Handle ID: 0xefc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_et-ee_1245f9c3396d59d5\comctl32.dll.mui Handle ID: 0xcf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_es-mx_ba77f628a4c3b230\fms.dll.mui Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd12fd91fe1def77\msimsg.dll.mui Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_es-mx_3e35fae1b0e70ba9\mlang.dll.mui Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_es-es_a0b298a30f7260fc\comdlg32.dll.mui Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_et-ee_b200d412aa35ab14\fms.dll.mui Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b7a132e02a816f70\comctl32.dll.mui Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_et-ee_35bed8cbb659048d\mlang.dll.mui Handle ID: 0xbb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_es-mx_a2e986490e0644a7\comdlg32.dll.mui Handle ID: 0x890 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-es_fcde5a75fe44e11c\msimsg.dll.mui Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_b5223a00568e734e\cdosys.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_575c0d2f9b49c0af\fms.dll.mui Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_bc359d918d8f4e9a\msprivs.dll.mui Handle ID: 0xc6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_b3b3ee7c2d11f9ce\comctl32.dll.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_et-ee_9a72643313783d8b\comdlg32.dll.mui Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_db1a11e8a76d1a28\mlang.dll.mui Handle ID: 0xe90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_536ec8cb9dda4b0d\fms.dll.mui Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_et-ee_f69e2606024abdab\msimsg.dll.mui Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_d72ccd84a9fda486\mlang.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bb3da432283993a8\comctl32.dll.mui Handle ID: 0xe6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_3fcd9d50048c5326\comdlg32.dll.mui Handle ID: 0x9fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bfd20ee38b4772d2\msprivs.dll.mui Handle ID: 0xe70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_es-mx_ff15481bfcd8c4c7\msimsg.dll.mui Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5af87e819901e4e7\fms.dll.mui Handle ID: 0xaf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_deb6833aa5253e60\mlang.dll.mui Handle ID: 0xcd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b8beab5254469786\cdosys.dll.mui Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_he-il_ff5d4bd40ea89496\comctl32.dll.mui Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_9bf95f22f35ed346\msimsg.dll.mui Handle ID: 0x840 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_he-il_9f1826237f70e5d5\fms.dll.mui Handle ID: 0xd68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_3be058ec071cdd84\comdlg32.dll.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_he-il_22d62adc8b943f4e\mlang.dll.mui Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_0179feb40d5c015c\comctl32.dll.mui Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_he-il_fcde52f43ab59874\cdosys.dll.mui Handle ID: 0x8d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_02ae247a0c9962c4\comctl32.dll.mui Handle ID: 0x9ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_a134d9037e24529b\fms.dll.mui Handle ID: 0xef4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_436a0ea20244775e\comdlg32.dll.mui Handle ID: 0x808 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_24f2ddbc8a47ac14\mlang.dll.mui Handle ID: 0xd74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_he-il_8789b643e8b3784c\comdlg32.dll.mui Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_980c1abef5ef5da4\msimsg.dll.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_he-il_e3b57816d785f86c\msimsg.dll.mui Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_07428f2b6fa741ee\msprivs.dll.mui Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_it-it_a5659a78ff6b7926\comctl32.dll.mui Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_a268fec97d61b403\fms.dll.mui Handle ID: 0xbb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_002f2b9a38a666a2\cdosys.dll.mui Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_2627038289850d7c\mlang.dll.mui Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9f95d074f116f77e\msimsg.dll.mui Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_it-it_a9fa052a62795850\msprivs.dll.mui Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_89a66923e766e512\comdlg32.dll.mui Handle ID: 0xb8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_it-it_452074c87033ca65\fms.dll.mui Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_478b1985f2868b01\comctl32.dll.mui Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_it-it_c8de79817c5723de\mlang.dll.mui Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e745f3d5634edc40\fms.dll.mui Handle ID: 0x828 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_450c20a61e938edf\cdosys.dll.mui Handle ID: 0xd14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4c1f843755946a2b\msprivs.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_it-it_a2e6a1992b787d04\cdosys.dll.mui Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6b03f88e6f7235b9\mlang.dll.mui Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_8ada8ee9e6a4467a\comdlg32.dll.mui Handle ID: 0x950 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_eaf4f63ae4f75217\comctl32.dll.mui Handle ID: 0xb70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_e5d22af6d6396532\msimsg.dll.mui Handle ID: 0xa98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_ef8960ec48053141\msprivs.dll.mui Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_8aafd08a55bfa356\fms.dll.mui Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_8ec0223bd71f1db4\comctl32.dll.mui Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_0e6dd54361e2fccf\mlang.dll.mui Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cfb783f5cc916eb7\comdlg32.dll.mui Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_e875fd5b110455f5\cdosys.dll.mui Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_8f8d90bfd69d5ea4\comctl32.dll.mui Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_e70650bcd576c69a\msimsg.dll.mui Handle ID: 0xd18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_it-it_2d9204e8d9765cdc\comdlg32.dll.mui Handle ID: 0xb50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2be345c8bb63eed7\msimsg.dll.mui Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_2e7afc8b47e76ef3\fms.dll.mui Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_b2390144540ac86c\mlang.dll.mui Handle ID: 0xf18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_732160aabf0235cd\comdlg32.dll.mui Handle ID: 0xf1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_2f486b0f4765afe3\fms.dll.mui Handle ID: 0xf20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.1_none_8de99335568c2092\tcpip.sys Handle ID: 0xf24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ko-kr_cf4d227dadd4b5ed\msimsg.dll.mui Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_b3066fc85389095c\mlang.dll.mui Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d387776fbd1c7dd3\comctl32.dll.mui Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_it-it_89bdc6bbc848dcfc\msimsg.dll.mui Handle ID: 0xd2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpmigration_31bf3856ad364e35_10.0.19041.1_none_1ee1bf0adb4eaf7d\pnpmig.inf Handle ID: 0xb0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_16ec8cabb12a016a\comdlg32.dll.mui Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_nb-no_734251bf2de4cf12\fms.dll.mui Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_16.bin Handle ID: 0x920 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d81be221202a5cfd\msprivs.dll.mui Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_nb-no_f70056783a08288b\mlang.dll.mui Handle ID: 0x9f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_24.bin Handle ID: 0xa30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d1087e8fe92981b1\cdosys.dll.mui Handle ID: 0xf28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_32.bin Handle ID: 0x9a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_17b9fb2fb0a8425a\comdlg32.dll.mui Handle ID: 0xd0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_16.bin Handle ID: 0xf14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_lt-lt_73184e7e9ffc818a\msimsg.dll.mui Handle ID: 0xf10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_24.bin Handle ID: 0xf0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_32.bin Handle ID: 0xb38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_16.bin Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\bench_48.bin Handle ID: 0xbc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.1_none_1776a3602eb73133\netiomig.dll Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_24.bin Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_32.bin Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\house_48.bin Handle ID: 0xb4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\office_48.bin Handle ID: 0xa48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_lv-lv_73e5bd029f7ac27a\msimsg.dll.mui Handle ID: 0x92c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup_31bf3856ad364e35_10.0.19041.1_none_62e356b1f7e14f33\MupMigPlugin.dll Handle ID: 0xd94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_d1c6c2adbe4887a8\comctl32.dll.mui Handle ID: 0xd7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_d65b2d5f215666d2\msprivs.dll.mui Handle ID: 0xe40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_nb-no_5bb3e1df97276189\comdlg32.dll.mui Handle ID: 0xc7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_18031d2fa36af55c\comctl32.dll.mui Handle ID: 0xe44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_71819cfd2f10d8e7\fms.dll.mui Handle ID: 0xa68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_f53fa1b63b343260\mlang.dll.mui Handle ID: 0xc50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs_31bf3856ad364e35_10.0.19041.1_none_643da99ff70141b5\SxsMigPlugin.dll Handle ID: 0xc4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1c9787e10678d486\msprivs.dll.mui Handle ID: 0xbc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pt-br_1a5707d3a1f48940\comctl32.dll.mui Handle ID: 0xc58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_cf47c9cdea558b86\cdosys.dll.mui Handle ID: 0x89c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_3b7bfc382056a014\mlang.dll.mui Handle ID: 0xc24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_b7bdf77f1433469b\fms.dll.mui Handle ID: 0x8ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_1584244fcf77f93a\cdosys.dll.mui Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_10.0.19041.1_none_27770adb9e444fec\CntrtextMig.dll Handle ID: 0xe3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_nb-no_b7dfa3b285f9e1a9\msimsg.dll.mui Handle ID: 0xf2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pt-br_1eeb72850502686a\msprivs.dll.mui Handle ID: 0xec4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pt-br_ba11e22312bcda7f\fms.dll.mui Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_1b38d73fa163f91c\comctl32.dll.mui Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pt-br_3dcfe6dc1ee033f8\mlang.dll.mui Handle ID: 0xf30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pt-br_17d80ef3ce018d1e\cdosys.dll.mui Handle ID: 0xb90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\cis.scp Handle ID: 0xf34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_59f32d1d98536b5e\comdlg32.dll.mui Handle ID: 0xa1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_1fcd41f10471d846\msprivs.dll.mui Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_baf3b18f122c4a5b\fms.dll.mui Handle ID: 0xe34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\pppmenu.scp Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_a02f879f7d75d912\comdlg32.dll.mui Handle ID: 0xf38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_3eb1b6481e4fa3d4\mlang.dll.mui Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\switch.inf Handle ID: 0xa4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_5f739d7787cac478\comctl32.dll.mui Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.1_none_c3d1756519cccb94\pad.inf Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_18b9de5fcd70fcfa\cdosys.dll.mui Handle ID: 0xf40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_61dbe90386458748\comctl32.dll.mui Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_b61eeef08725eb7e\msimsg.dll.mui Handle ID: 0xdd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_ff2e77c6f89315b7\fms.dll.mui Handle ID: 0xbec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_fc5b49726c485932\msimsg.dll.mui Handle ID: 0xd78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pt-br_a28372437bff6cf6\comdlg32.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_82ec7c8004b66f30\mlang.dll.mui Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_667053b4e9536672\msprivs.dll.mui Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_0196c352f70dd887\fms.dll.mui Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_00f6edb07b5f7972\comctl32.dll.mui Handle ID: 0xf44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_8554c80c03313200\mlang.dll.mui Handle ID: 0x88c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_a36541af7b6edcd2\comdlg32.dll.mui Handle ID: 0xd38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_5f5cf023b2528b26\cdosys.dll.mui Handle ID: 0xbd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pt-br_feaf34166ad1ed16\msimsg.dll.mui Handle ID: 0xf4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_a0b1c7ffec27cab1\fms.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sl-si_00090f687bf98c55\comctl32.dll.mui Handle ID: 0xd80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_246fccb8f84b242a\mlang.dll.mui Handle ID: 0xf54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_ff9103826a415cf2\msimsg.dll.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smi-engine_31bf3856ad364e35_10.0.19041.1_none_4e063d17b240687b\WcmTypes.xsd Handle ID: 0xf58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasapi_31bf3856ad364e35_10.0.19041.1_none_23288cedeee2b8f7\pbkmigr.dll Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_e7a007e761d5a82e\comdlg32.dll.mui Handle ID: 0xf5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sl-si_9fc3e9b7ecc1dd94\fms.dll.mui Handle ID: 0xf60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_10.0.19041.1_none_e78aa3d4e79f21f4\tssysprep.dll Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_ea08537360506afe\comdlg32.dll.mui Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sl-si_2381ee70f8e5370d\mlang.dll.mui Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_43cbc9ba50a8284e\msimsg.dll.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_463415464f22eb1e\msimsg.dll.mui Handle ID: 0x878 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_89235820556a5d28\comdlg32.dll.mui Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sl-si_883579d85604700b\comdlg32.dll.mui Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpmigration_31bf3856ad364e35_10.0.19041.1_none_1ee1bf0adb4eaf7d\pnpmig.dll Handle ID: 0xf78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sk-sk_e54f19f3443cdd48\msimsg.dll.mui Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a63977acf10b3386\comctl32.dll.mui Handle ID: 0xd8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sl-si_e4613bab44d6f02b\msimsg.dll.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sv-se_fdd6d3787d6e91a3\comctl32.dll.mui Handle ID: 0xf8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_sv-se_026b3e29e07c70cd\msprivs.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_45f451fc61d384c5\fms.dll.mui Handle ID: 0xf6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_th-th_a2e0f52b6eb34ee4\comctl32.dll.mui Handle ID: 0xc40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_c9b256b56df6de3e\mlang.dll.mui Handle ID: 0xb08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_sv-se_9d91adc7ee36e2e2\fms.dll.mui Handle ID: 0xa2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_sv-se_214fb280fa5a3c5b\mlang.dll.mui Handle ID: 0xf94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a6e41dbf6c2a9394\comctl32.dll.mui Handle ID: 0xc18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_th-th_429bcf7adf7ba023\fms.dll.mui Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_sv-se_fb57da98a97b9581\cdosys.dll.mui Handle ID: 0x954 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ab788870cf3872be\msprivs.dll.mui Handle ID: 0xa7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_th-th_c659d433eb9ef99c\mlang.dll.mui Handle ID: 0xa54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_42c40066635bb9e0\comctl32.dll.mui Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_469ef80edcf2e4d3\fms.dll.mui Handle ID: 0xfa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_ca5cfcc7e9163e4c\mlang.dll.mui Handle ID: 0xfa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e27edab5d4240b1f\fms.dll.mui Handle ID: 0xfa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_a46524df98379772\cdosys.dll.mui Handle ID: 0xfb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_2e65e21ccb16173c\comdlg32.dll.mui Handle ID: 0xc0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_663cdf6ee0476498\mlang.dll.mui Handle ID: 0xfac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_sv-se_86033de857797559\comdlg32.dll.mui Handle ID: 0xfb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\firewallapi.mof Handle ID: 0x964 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\ipsecsvc.mof Handle ID: 0xfb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp_31bf3856ad364e35_10.0.19041.1_none_cb743c1f4b6f5bbd\classlog.mof Handle ID: 0xba0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opinstallcomponents_31bf3856ad364e35_10.0.19041.1_none_a8bea44d075fad04\drvinst.mof Handle ID: 0xfc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_th-th_2b0d5f9b48be329a\comdlg32.dll.mui Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_8a91a3efb9e8975c\msimsg.dll.mui Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_th-th_8739216e3790b2ba\msimsg.dll.mui Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_sv-se_e22effbb464bf579\msimsg.dll.mui Handle ID: 0xfc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_2f10882f4635774a\comdlg32.dll.mui Handle ID: 0x8e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-mof_31bf3856ad364e35_10.0.19041.1_none_b0c0473940a4df7c\lsasrv.mof Handle ID: 0xfcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_10.0.19041.1_none_a8893249a6634a0f\mountmgr.mof Handle ID: 0xfd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\mpsdrv.mof Handle ID: 0xcb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\mpssvc.mof Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace_uninstall.mof Handle ID: 0xfd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\ncprov.mof Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis-minwin_31bf3856ad364e35_10.0.19041.1_none_0f468bb8c7699238\ndistrace.mof Handle ID: 0xfdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\polstore.mof Handle ID: 0xfe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-netlogon-mof_31bf3856ad364e35_10.0.19041.1_none_14d75236e15b3e8b\nlsvc.mof Handle ID: 0xfbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.mof Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.mof Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-mof_31bf3856ad364e35_10.0.19041.1_none_a34ab671cd1c0418\refs.mof Handle ID: 0x87c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1-mof_31bf3856ad364e35_10.0.19041.1_none_f03beea17c348eb6\refsv1.mof Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_caf06ad63d669d96\comdlg32.dll.mui Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_8b3c4a023507f76a\msimsg.dll.mui Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\interop.mof Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_10.0.19041.1_none_78e285fc678d0c6a\sdbus.mof Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\scrcons.mof Handle ID: 0xfe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.19041.1_none_8550cdeb6ca68785\services.mof Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\setupapi.mof Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_eae66734659b60d0\setupapi.mof Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\subscrpt.mof Handle ID: 0xdbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase-rassstp_31bf3856ad364e35_10.0.19041.1_none_4fc2bd76874a036f\sstpsvc.mof Handle ID: 0xdfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\smtpcons.mof Handle ID: 0xdcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_271c2ca92c391db6\msimsg.dll.mui Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary-mof_31bf3856ad364e35_10.0.19041.1_none_384e8526bab471fe\Wdf01000Uninstall.mof Handle ID: 0xa84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..opinstallcomponents_31bf3856ad364e35_10.0.19041.1_none_a8bea44d075fad04\umpnpmgr.mof Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc-tracing_31bf3856ad364e35_10.0.19041.1_none_91e7777d1ebf6053\WFAPIGP.mof Handle ID: 0xfec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-network-security-mof_31bf3856ad364e35_10.0.19041.1_none_6c409dd882170ccf\WFP.MOF Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.19041.1_none_8550cdeb6ca68785\scm.mof Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wdf-kernellibrary-mof_31bf3856ad364e35_10.0.19041.1_none_384e8526bab471fe\Wdf01000.mof Handle ID: 0xa6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_f9ff85558b62c4e7\winipsec.mof Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\WMI_Tracing.mof Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-classpnp_31bf3856ad364e35_10.0.19041.1_none_cb743c1f4b6f5bbd\stortrace.mof Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-apis_31bf3856ad364e35_10.0.19041.1_none_8618dfed22edf4fa\smbwmiv2.mof Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\wmi.mof Handle ID: 0xa78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof-admin_31bf3856ad364e35_10.0.19041.1_none_7d3d8e8467b75d73\WBEMCons.mof Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ry-services-sam-mof_31bf3856ad364e35_10.0.19041.1_none_771f52b46f435b04\samsrv.mof Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\wmipcima.mof Handle ID: 0xff0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\secrcw32.mof Handle ID: 0xff4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbClientNetworkInterface.cdxml Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbBandwidthLimit.cdxml Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbConnection.cdxml Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMultichannelConnection.cdxml Handle ID: 0xffc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbClientConfiguration.cdxml Handle ID: 0xdd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbGlobalMapping.cdxml Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerNetworkInterface.cdxml Handle ID: 0xdec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMapping.cdxml Handle ID: 0xcb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\system.mof Handle ID: 0x940 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbScriptModule.psm1 Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbMultichannelConstraint.cdxml Handle ID: 0xb54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbOpenFile.cdxml Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\Smb.types.ps1xml Handle ID: 0x8e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.Format.Helper.psm1 Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerCertificateMapping.cdxml Handle ID: 0xdc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbSession.cdxml Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.psd1 Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_78413bbd1c6265b3\comctl32.dll.mui Handle ID: 0xcac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbServerConfiguration.cdxml Handle ID: 0x978 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_7cd5a66e7f7044dd\msprivs.dll.mui Handle ID: 0x9a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_17fc160c8d2ab6f2\fms.dll.mui Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_7c3d791319d34223\comctl32.dll.mui Handle ID: 0x968 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\Smb.format.ps1xml Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_9bba1ac5994e106b\mlang.dll.mui Handle ID: 0x984 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_80d1e3c47ce1214d\msprivs.dll.mui Handle ID: 0xde4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_1bf853628a9b9362\fms.dll.mui Handle ID: 0xcd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_75c242dd486f6991\cdosys.dll.mui Handle ID: 0x934 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_9fb6581b96beecdb\mlang.dll.mui Handle ID: 0x8dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_5c9967ffe53fc989\msimsg.dll.mui Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-powershell_31bf3856ad364e35_10.0.19041.1_none_12fcd173608a3b6a\SmbShare.cdxml Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_79be803345e04601\cdosys.dll.mui Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_6095a555e2b0a5f9\msimsg.dll.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_006da62cf66d4969\comdlg32.dll.mui Handle ID: 0xdf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_0469e382f3de25d9\comdlg32.dll.mui Handle ID: 0xde0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..on-authui-component_31bf3856ad364e35_10.0.19041.1_none_92c85869af354084\authui.dll.mun Handle ID: 0xddc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1_none_250b9aff0f5d41ee\notepad.exe.mun Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30_31bf3856ad364e35_10.0.19041.1_none_3e5f4e1e3633a8b7\msxml3.dll.mun Handle ID: 0xab8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.1_none_6ba21f2545051a20\comdlg32.dll.mun Handle ID: 0xae4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..icesframework-msctf_31bf3856ad364e35_10.0.19041.1_none_2bb4bd9d8e22a014\msctf.dll.mun Handle ID: 0xd9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_10.0.19041.1_none_3bdf68e23780d992\cryptui.dll.mun Handle ID: 0x1008 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap_31bf3856ad364e35_10.0.19041.1_none_c8b0108916a9fd61\raschapext.dll.mun Handle ID: 0x1010 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui_31bf3856ad364e35_10.0.19041.1_none_1200bbf49bbc4b88\ntshrui.dll.mun Handle ID: 0x1004 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui_31bf3856ad364e35_10.0.19041.1_none_0afb6ba153044137\aclui.dll.mun Handle ID: 0xae8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_c76758d7f0069e2e\newdev.dll.mun Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.1_none_1160cf5f7d314d55\crypt32.dll.mun Handle ID: 0x8c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-rastls_31bf3856ad364e35_10.0.19041.1_none_e42068617a44f942\rastls.dll.mun Handle ID: 0x100c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls_31bf3856ad364e35_10.0.19041.1_none_22563971ef8166c8\rastlsext.dll.mun Handle ID: 0xea8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg_31bf3856ad364e35_10.0.19041.1_none_23044991eefe742c\rasdlg.dll.mun Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_10.0.19041.1_none_92265dee13580837\printui.dll.mun Handle ID: 0x101c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-browserservice-netapi_31bf3856ad364e35_10.0.19041.1_none_edd31baf6b791931\browcli.dll Handle ID: 0x1020 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.1_none_710cd97a292dd978\CredProv2faHelper.dll Handle ID: 0x1018 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-onecore-console-host-propsheet_31bf3856ad364e35_10.0.19041.1_none_de1e1a00f16d8e79\console.dll Handle ID: 0x1024 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_10.0.19041.1_none_248d91ddf4389abd\CredentialUIBroker.exe Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys_31bf3856ad364e35_7.0.19041.1_none_64de91323c1f66b7\propsys.dll.mun Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-credui-onecore_31bf3856ad364e35_10.0.19041.1_none_3b9b94b6f7844814\credui.dll Handle ID: 0xeb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..iderslegacy-library_31bf3856ad364e35_10.0.19041.1_none_1cb2dbdbf9cc4538\credprovslegacy.dll Handle ID: 0x1028 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-consolelogon-library_31bf3856ad364e35_10.0.19041.1_none_459a6a2efab5d5d0\ConsoleLogon.dll Handle ID: 0xc54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.19041.1_none_d277313aeac89552\bcryptprimitives.dll Handle ID: 0x1030 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-debugcore_31bf3856ad364e35_10.0.19041.1_none_bcb626ea1f2a0c98\dbgcore.dll Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-com-coml2_31bf3856ad364e35_10.0.19041.1_none_de030bd651b5f111\coml2.dll Handle ID: 0xeb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.1_none_4c60b7f12fdc2a03\credprovs.dll Handle ID: 0x1038 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.19041.1_none_4c7da197e5837576\diagnosticdataquery.dll Handle ID: 0x103c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-credprovhost-library_31bf3856ad364e35_10.0.19041.1_none_73c3548001df54b1\credprovhost.dll Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.19041.1_none_5668834b68c7e852\driverquery.exe Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces_31bf3856ad364e35_10.0.19041.1_none_1c2a0fb54ce86e17\mispace.mof Handle ID: 0x1040 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vss-eventcls_31bf3856ad364e35_10.0.19041.1_none_a2a5ab50d2eb8f21\eventcls.dll Handle ID: 0x9d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..authfactor-credprov_31bf3856ad364e35_10.0.19041.1_none_a8737db62256d73e\devicengccredprov.dll Handle ID: 0x1044 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-onecore-pnp-drvsetup_31bf3856ad364e35_10.0.19041.1_none_1e236d5e3754f154\drvsetup.dll Handle ID: 0x1048 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.19041.1_none_4c7da197e5837576\dtdump.exe Handle ID: 0x104c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..ovdatamodel-library_31bf3856ad364e35_10.0.19041.1_none_6e9243852acd4e3a\CredProvDataModel.dll Handle ID: 0x1050 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.19041.1_none_18b834522b9eb97e\expand.exe Handle ID: 0x1054 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..ertificates-utility_31bf3856ad364e35_10.0.19041.1_none_49436407fe6823f4\fvecerts.dll Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.19041.1_none_2cda3b956fcdb26f\InfDefaultInstall.exe Handle ID: 0x105c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_10.0.19041.1_none_e2a1e85b858f5f9e\comres.dll.mun Handle ID: 0x1060 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-coreos_31bf3856ad364e35_10.0.19041.1_none_e597fe1d120f8fad\imagehlp.dll Handle ID: 0x894 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..-credential-manager_31bf3856ad364e35_10.0.19041.1_none_11dc7b5a5b16397b\KeyCredMgr.dll Handle ID: 0x1064 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-difxapi_31bf3856ad364e35_10.0.19041.1_none_62160f8e7d3231a2\difxapi.dll Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\KerbClientShared.dll Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\ndadmin.exe Handle ID: 0x1074 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.19041.1_none_805f7a2ac157fb08\MuiUnattend.exe Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_0067ac1cb4a6c8bc\DbgModel.dll Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetDriverInstall.dll Handle ID: 0x1078 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_f5205dbec5dd4148\fveapibase.dll Handle ID: 0x107c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell_31bf3856ad364e35_10.0.19041.1_none_8b747856ad684fa8\netshell.dll.mun Handle ID: 0xebc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.exe Handle ID: 0xac0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-i..ional-normalization_31bf3856ad364e35_10.0.19041.1_none_b632b88aa1af2da8\normaliz.dll Handle ID: 0xe20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetSetupApi.dll Handle ID: 0x850 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_32a7dab59b322918\nsi.dll Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1_none_c95bfc009f0aefab\ngclocal.dll Handle ID: 0x1034 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\NtlmShared.dll Handle ID: 0x1070 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ntlanman_31bf3856ad364e35_10.0.19041.1_none_f056cd9ab65e68c5\ntlanman.dll Handle ID: 0x1084 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1_none_d1bc032a24676029\newdev.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.19041.1_none_1b575ad951209106\rdrleakdiag.exe Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-msvcp110_31bf3856ad364e35_10.0.19041.1_none_adfc02db44d455d9\msvcp110_win.dll Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-flighting-settings_31bf3856ad364e35_10.0.19041.1_none_491c0bd0c2d56716\FlightSettings.dll Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-onecorecommonproxystub_31bf3856ad364e35_10.0.19041.1_none_f6e8b9ece5bea2ec\OneCoreCommonProxyStub.dll Handle ID: 0xad4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1_none_f5205dbec5dd4148\fveapi.dll Handle ID: 0x970 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-spfileq_31bf3856ad364e35_10.0.19041.1_none_352c8e03937c933e\spfileq.dll Handle ID: 0x9b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-syssetup_31bf3856ad364e35_10.0.19041.1_none_311643a36b7513d0\syssetup.dll Handle ID: 0xab4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-spinf_31bf3856ad364e35_10.0.19041.1_none_1de64e934c2b7290\spinf.dll Handle ID: 0x1058 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ole-automation-stdole2_31bf3856ad364e35_10.0.19041.1_none_a91c7b19ecb3924a\stdole2.tlb Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\PkgMgr.exe Handle ID: 0x1080 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\SSShim.dll Handle ID: 0x1088 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-drvstore_31bf3856ad364e35_10.0.19041.1_none_b13a0d01174375ff\drvstore.dll Handle ID: 0xa9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-s..stedsignal-credprov_31bf3856ad364e35_10.0.19041.1_none_8ea8ef13ae7bad36\TrustedSignalCredProv.dll Handle ID: 0x108c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.1_none_e01afed6f525cf3c\NetSetupEngine.dll Handle ID: 0x1098 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_9a7f72edef871c0c\vsstrace.dll Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1_none_6331d348ae4a8fa9\poqexec.exe Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32u.dll Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-pantherengine_31bf3856ad364e35_10.0.19041.1_none_07e3e1908cd6cd19\wdscore.dll Handle ID: 0xc84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wincredui_31bf3856ad364e35_10.0.19041.1_none_b13a6c7dcf66aa4e\wincredui.dll Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-i..-ui-logon-proxystub_31bf3856ad364e35_10.0.19041.1_none_bc6f912096457b37\Windows.Internal.UI.Logon.ProxyStub.dll Handle ID: 0xa88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.1_none_32a7dab59b322918\winnsi.dll Handle ID: 0x10a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft.windows.winhttpcom_31bf3856ad364e35_5.1.19041.1_none_2fd8a12a70432370\winhttpcom.dll Handle ID: 0xce8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-f..tilityrefsv1library_31bf3856ad364e35_10.0.19041.1_none_d0572456ebc7fb51\uReFSv1.dll Handle ID: 0x1090 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wmistub_31bf3856ad364e35_10.0.19041.1_none_5e07ff80874528f9\wmi.dll Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-debughelp_31bf3856ad364e35_10.0.19041.1_none_b8924fec21c9ce8e\dbghelp.dll Handle ID: 0xec0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32k.sys Handle ID: 0x820 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wmi-wmiclnt_31bf3856ad364e35_10.0.19041.1_none_b63b6ccb63bab4e2\wmiclnt.dll Handle ID: 0xda4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\wowreg32.exe Handle ID: 0x10a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.1_none_ed4a816537073bc2\Windows.UI.CredDialogController.dll Handle ID: 0x10ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wofutil_31bf3856ad364e35_10.0.19041.1_none_4b6cb649e015a028\WofUtil.dll Handle ID: 0x10b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismHost.exe Handle ID: 0x10b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismCorePS.dll Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wintrust-dll_31bf3856ad364e35_10.0.19041.1_none_aff3f19b6dcf2d79\wintrust.dll Handle ID: 0x10bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\FolderProvider.dll Handle ID: 0xdb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\GenericProvider.dll Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismProv.dll Handle ID: 0x10c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\DismCore.dll Handle ID: 0xe24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof_31bf3856ad364e35_10.0.19041.1_none_5867d3184f8e8a0d\cimwin32.mof Handle ID: 0x10c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.1_none_8506980511bf3079\LogProvider.dll Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\DmiProvider.dll Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\ImagingProvider.dll Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\OfflineSetupProvider.dll Handle ID: 0x9dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\OSProvider.dll Handle ID: 0x8bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\IntlProvider.dll Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\FfuProvider.dll Handle ID: 0x9a0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-coresystem-wpr_31bf3856ad364e35_10.0.19041.1_none_227525fe6bafbbda\windowsperformancerecordercontrol.dll Handle ID: 0xd00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\CbsProvider.dll Handle ID: 0x9e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-base-util-l1-1-0.dll Handle ID: 0xa40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..-winproviders-winpe_31bf3856ad364e35_10.0.19041.1_none_788223d9b154b28e\PEProvider.dll Handle ID: 0xb1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-comm-l1-1-0.dll Handle ID: 0x10d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-console-l1-1-0.dll Handle ID: 0x10d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_31cc1bbc78e3f478\api-ms-win-core-com-l1-1-0.dll Handle ID: 0x10d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-datetime-l1-1-0.dll Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-datetime-l1-1-1.dll Handle ID: 0x10cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-debug-l1-1-0.dll Handle ID: 0x10e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-debug-l1-1-1.dll Handle ID: 0xc70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-delayload-l1-1-0.dll Handle ID: 0xcfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-errorhandling-l1-1-0.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-errorhandling-l1-1-1.dll Handle ID: 0x10e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\SmiProvider.dll Handle ID: 0x10e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-fibers-l1-1-0.dll Handle ID: 0x10ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-fibers-l1-1-1.dll Handle ID: 0x10f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\UnattendProvider.dll Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-2-0.dll Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-2-1.dll Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-file-l1-1-0.dll Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-file-l2-1-0.dll Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-file-l2-1-1.dll Handle ID: 0x10f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-handle-l1-1-0.dll Handle ID: 0xabc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-heap-l1-1-0.dll Handle ID: 0x9d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll Handle ID: 0xe10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-interlocked-l1-1-0.dll Handle ID: 0xe38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-io-l1-1-0.dll Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-io-l1-1-1.dll Handle ID: 0xdb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-kernel32-legacy-l1-1-0.dll Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-kernel32-legacy-l1-1-1.dll Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-libraryloader-l1-1-0.dll Handle ID: 0xe28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-libraryloader-l1-1-1.dll Handle ID: 0x10fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-localization-l1-2-1.dll Handle ID: 0x1100 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-localization-l1-2-0.dll Handle ID: 0xb20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\API-MS-Win-core-localization-obsolete-l1-2-0.dll Handle ID: 0x1104 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-0.dll Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.1_none_9a7f72edef871c0c\vssapi.dll Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-1.dll Handle ID: 0xcdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-memory-l1-1-2.dll Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-namedpipe-l1-1-0.dll Handle ID: 0xea0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-privateprofile-l1-1-0.dll Handle ID: 0x1108 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-privateprofile-l1-1-1.dll Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processenvironment-l1-1-0.dll Handle ID: 0xdf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processenvironment-l1-2-0.dll Handle ID: 0xeb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-1.dll Handle ID: 0xce0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-0.dll Handle ID: 0xafc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-processthreads-l1-1-2.dll Handle ID: 0xeac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-processtopology-obsolete-l1-1-0.dll Handle ID: 0x110c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-profile-l1-1-0.dll Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-realtime-l1-1-0.dll Handle ID: 0xc10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-registry-l1-1-0.dll Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-rtlsupport-l1-1-0.dll Handle ID: 0xde8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-registry-l2-1-0.dll Handle ID: 0xd1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shutdown-l1-1-0.dll Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shlwapi-legacy-l1-1-0.dll Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-string-l1-1-0.dll Handle ID: 0xce4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-string-l2-1-0.dll Handle ID: 0xcb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-string-obsolete-l1-1-0.dll Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-stringansi-l1-1-0.dll Handle ID: 0xd04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-stringloader-l1-1-1.dll Handle ID: 0x888 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-synch-l1-1-0.dll Handle ID: 0xca8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-synch-l1-2-0.dll Handle ID: 0x810 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-2-0.dll Handle ID: 0xcd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-1-0.dll Handle ID: 0xcbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1_none_e748302988525910\KernelBase.dll Handle ID: 0xd10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-sysinfo-l1-2-1.dll Handle ID: 0x908 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-l1-2-0.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-legacy-l1-1-0.dll Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-threadpool-private-l1-1-0.dll Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-timezone-l1-1-0.dll Handle ID: 0xaa8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-util-l1-1-0.dll Handle ID: 0xe08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-url-l1-1-0.dll Handle ID: 0xa90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-version-l1-1-0.dll Handle ID: 0x1110 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-wow64-l1-1-0.dll Handle ID: 0xb3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-core-xstate-l1-1-0.dll Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-core-xstate-l2-1-0.dll Handle ID: 0x9bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-conio-l1-1-0.dll Handle ID: 0x1118 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-environment-l1-1-0.dll Handle ID: 0xed8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-convert-l1-1-0.dll Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-filesystem-l1-1-0.dll Handle ID: 0x9cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-heap-l1-1-0.dll Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-locale-l1-1-0.dll Handle ID: 0xdf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-process-l1-1-0.dll Handle ID: 0xe54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-math-l1-1-0.dll Handle ID: 0xed4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-multibyte-l1-1-0.dll Handle ID: 0xe2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-runtime-l1-1-0.dll Handle ID: 0xda8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-stdio-l1-1-0.dll Handle ID: 0xc94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-string-l1-1-0.dll Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-time-l1-1-0.dll Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-utility-l1-1-0.dll Handle ID: 0xc28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-devices-config-L1-1-0.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll Handle ID: 0xe88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-devices-config-L1-1-1.dll Handle ID: 0xc88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-eventing-consumer-l1-1-0.dll Handle ID: 0x1114 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\API-MS-Win-Eventing-Controller-L1-1-0.dll Handle ID: 0x111c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-Legacy-L1-1-0.dll Handle ID: 0xb48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-crt-private-l1-1-0.dll Handle ID: 0x1120 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-EventLog-Legacy-L1-1-0.dll Handle ID: 0x97c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Eventing-Provider-L1-1-0.dll Handle ID: 0xc80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Security-Lsalookup-L2-1-0.dll Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-security-cryptoapi-l1-1-0.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-Security-Lsalookup-L2-1-1.dll Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-security-base-l1-1-0.dll Handle ID: 0x1124 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\API-MS-Win-security-lsapolicy-l1-1-0.dll Handle ID: 0xbf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\API-MS-Win-security-provider-L1-1-0.dll Handle ID: 0x1128 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_cb14e155c0d63edb\api-ms-win-security-sddl-l1-1-0.dll Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\VhdProvider.dll Handle ID: 0x9b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-core-l1-1-0.dll Handle ID: 0xa44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-core-l1-1-1.dll Handle ID: 0x1130 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-management-l1-1-0.dll Handle ID: 0x1134 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-management-l2-1-0.dll Handle ID: 0x1138 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-private-l1-1-0.dll Handle ID: 0xee0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-private-l1-1-1.dll Handle ID: 0x1140 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\api-ms-win-service-winsvc-l1-1-0.dll Handle ID: 0xee4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_9aef94c8692c24e6\api-ms-win-shcore-stream-l1-1-0.dll Handle ID: 0x1144 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.19041.1_none_46fe4107ec843c76\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml Handle ID: 0xedc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\WimProvider.dll Handle ID: 0x114c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_10.0.19041.1_none_11202b978bec3510\ProvProvider.dll Handle ID: 0x1150 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_21374cb0681a6320\ucrtbase.dll Handle ID: 0xa28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.19041.1_none_793931906e451236\win32kfull.sys Handle ID: 0xa80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1_none_f53b118699fc22cb\setupapi.dll Handle ID: 0xee8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_0067ac1cb4a6c8bc\dbgeng.dll Handle ID: 0xa24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_apppatch_apppatch64_e39bab3b20714e20.cdf-ms Handle ID: 0xf5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_bg-bg_bf6512730a586be9.cdf-ms Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0xe38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_cs-cz_c14bac6f077e8634.cdf-ms Handle ID: 0x10e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_da-dk_c3320a1704a4f7d3.cdf-ms Handle ID: 0x10d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_de-de_c331fe2304a50a2d.cdf-ms Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_el-gr_c5188d6f01cb33fb.cdf-ms Handle ID: 0x8bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_en-gb_c5186ec701cb622d.cdf-ms Handle ID: 0x9dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_en-us_c5188f0d01cb31d2.cdf-ms Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_es-es_c5188e5901cb3357.cdf-ms Handle ID: 0xd60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_es-mx_c51897d701cb2522.cdf-ms Handle ID: 0x994 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_et-ee_c51873a101cb5b86.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fi-fi_c6fef45efef19941.cdf-ms Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fr-ca_c6fee3eafef1b2df.cdf-ms Handle ID: 0x10c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_fr-fr_c6ff0430fef18279.cdf-ms Handle ID: 0x10c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_hr-hr_cacbf364f93e1bad.cdf-ms Handle ID: 0xcd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_hu-hu_cacbf8aaf93e1415.cdf-ms Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_it-it_ccb26e82f6646337.cdf-ms Handle ID: 0x1294 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ja-jp_ce98e130f38ab532.cdf-ms Handle ID: 0x9d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ko-kr_d07f5a9ef0b10088.cdf-ms Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_lt-lt_d265d550edd74905.cdf-ms Handle ID: 0xabc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_lv-lv_d265d8d4edd743f5.cdf-ms Handle ID: 0xaa0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_nb-no_d632bd8ee823eac4.cdf-ms Handle ID: 0xb20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_nl-nl_d632b674e823f679.cdf-ms Handle ID: 0x1104 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pl-pl_d9ffa5a8e2708fad.cdf-ms Handle ID: 0xaec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pt-br_d9ffafece2708111.cdf-ms Handle ID: 0xe00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_pt-pt_d9ffb3b8e2707b6d.cdf-ms Handle ID: 0xe18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_qps-ploc_24e8203102ababf9.cdf-ms Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ro-ro_ddcc9a22dcbd2149.cdf-ms Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_ru-ru_ddcca4aedcbd1219.cdf-ms Handle ID: 0xdb4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sk-sk_dfb30ab4d9e37803.cdf-ms Handle ID: 0x10f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sl-si_dfb306c4d9e37e06.cdf-ms Handle ID: 0xdf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sr-latn-rs_175a7056497f1cbd.cdf-ms Handle ID: 0x1100 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_sv-se_dfb2fdc4d9e38c94.cdf-ms Handle ID: 0x10fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_tr-tr_e1998e9cd709b2e5.cdf-ms Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_uk-ua_e37fe6ecd4302db1.cdf-ms Handle ID: 0xab0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_zh-cn_ed005608c5ef86a4.cdf-ms Handle ID: 0x9c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_efi_zh-tw_ed00671ec5ef6d14.cdf-ms Handle ID: 0xafc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_misc_pcat_6b00b12988eafd38.cdf-ms Handle ID: 0xc68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_fonts_fee710f4f7b180e0.cdf-ms Handle ID: 0x110c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_cs-cz_da8bfa0c28cad1cc.cdf-ms Handle ID: 0x1298 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_da-dk_da67f50e291bdec5.cdf-ms Handle ID: 0xce0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_de-de_da67f5ee291bdcbb.cdf-ms Handle ID: 0xe28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_el-gr_da43f0fe296cebfd.cdf-ms Handle ID: 0xeb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_es-es_da43ed1c296cf1c1.cdf-ms Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_fi-fi_da1fe77a29be0007.cdf-ms Handle ID: 0xa94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_fr-fr_da1fe64829be028f.cdf-ms Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_hu-hu_d9d7d7f62a602593.cdf-ms Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_it-it_d9b3d1222ab13661.cdf-ms Handle ID: 0xd1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ja-jp_d98fca962b0246de.cdf-ms Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ko-kr_d96bc3742b535818.cdf-ms Handle ID: 0xde8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_nb-no_d8ffaee42c468adc.cdf-ms Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_nl-nl_d8ffaf642c46898f.cdf-ms Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pl-pl_d8b7a1782ce8abbb.cdf-ms Handle ID: 0xeac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pt-br_d8b7861c2ce8d537.cdf-ms Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_pt-pt_d8b7a0682ce8adfb.cdf-ms Handle ID: 0xdb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0x8d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_ru-ru_d86f925a2d8ad06f.cdf-ms Handle ID: 0x12a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_sv-se_d84b8da62ddbdc6c.cdf-ms Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_tr-tr_d82784d42e2cf1c3.cdf-ms Handle ID: 0xcb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_zh-cn_d74f2fe2301398dc.cdf-ms Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_zh-tw_d74f4ee430136b4c.cdf-ms Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_0f8921d4be2465c5.cdf-ms Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_bg-bg_055434d5a37035c0.cdf-ms Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_cs-cz_073aced1a096500b.cdf-ms Handle ID: 0xf4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_da-dk_09212c799dbcc1aa.cdf-ms Handle ID: 0xbd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_de-de_092120859dbcd404.cdf-ms Handle ID: 0xcbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_el-gr_0b07afd19ae2fdd2.cdf-ms Handle ID: 0xe04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_en-gb_0b0791299ae32c04.cdf-ms Handle ID: 0xa90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_en-us_0b07b16f9ae2fba9.cdf-ms Handle ID: 0xd38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_es-es_0b07b0bb9ae2fd2e.cdf-ms Handle ID: 0xb3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_es-mx_0b07ba399ae2eef9.cdf-ms Handle ID: 0x1108 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_et-ee_0b0796039ae3255d.cdf-ms Handle ID: 0x1110 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fi-fi_0cee16c198096318.cdf-ms Handle ID: 0xed8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fr-ca_0cee064d98097cb6.cdf-ms Handle ID: 0x1118 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_fr-fr_0cee269398094c50.cdf-ms Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_hr-hr_10bb15c79255e584.cdf-ms Handle ID: 0x12ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_hu-hu_10bb1b0d9255ddec.cdf-ms Handle ID: 0x12b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_it-it_12a190e58f7c2d0e.cdf-ms Handle ID: 0x9bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ja-jp_148803938ca27f09.cdf-ms Handle ID: 0x848 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ko-kr_166e7d0189c8ca5f.cdf-ms Handle ID: 0x9cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_lt-lt_1854f7b386ef12dc.cdf-ms Handle ID: 0xce4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_lv-lv_1854fb3786ef0dcc.cdf-ms Handle ID: 0xe54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_nb-no_1c21dff1813bb49b.cdf-ms Handle ID: 0xdf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_nl-nl_1c21d8d7813bc050.cdf-ms Handle ID: 0xd58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pl-pl_1feec80b7b885984.cdf-ms Handle ID: 0xed4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pt-br_1feed24f7b884ae8.cdf-ms Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_pt-pt_1feed61b7b884544.cdf-ms Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_qps-plocm_9a74fcee4d7b40bf.cdf-ms Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_qps-ploc_2a602976759a80fc.cdf-ms Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ro-ro_23bbbc8575d4eb20.cdf-ms Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_ru-ru_23bbc71175d4dbf0.cdf-ms Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sk-sk_25a22d1772fb41da.cdf-ms Handle ID: 0xc28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sl-si_25a2292772fb47dd.cdf-ms Handle ID: 0xa1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sr-latn-rs_e97cc539ee0d5bc2.cdf-ms Handle ID: 0xf34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_sv-se_25a2202772fb566b.cdf-ms Handle ID: 0xc10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_tr-tr_2788b0ff70217cbc.cdf-ms Handle ID: 0xc94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_uk-ua_296f094f6d47f788.cdf-ms Handle ID: 0x1120 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_zh-cn_32ef786b5f07507b.cdf-ms Handle ID: 0x111c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pxe_zh-tw_32ef89815f0736eb.cdf-ms Handle ID: 0x1114 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_resources_0adab7ac98c3dc03.cdf-ms Handle ID: 0xd08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms Handle ID: 0xb48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_0600d0deecd2b5a2.cdf-ms Handle ID: 0xe88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_scenarios_ce5f6e43b7ab3f41.cdf-ms Handle ID: 0x1124 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_diagtrack_settings_56f8a3f40ce5a801.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_globalization_sorting_04883de290c6ef1b.cdf-ms Handle ID: 0xc88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_0000_b44cadf303cf745f.cdf-ms Handle ID: 0xcdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_0000_86bc982ae65d5d49.cdf-ms Handle ID: 0xb44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_livekernelreports_13126bbee8c1252a.cdf-ms Handle ID: 0x9b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0x86c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0x938 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_rescache_fbd63394dc9300f8.cdf-ms Handle ID: 0x1138 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_rescache_merged_98aae8e844b93807.cdf-ms Handle ID: 0x10cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_vscache_f7bbc75044896c89.cdf-ms Handle ID: 0x8b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_schemas_eaphost_52e2de002c0b1796.cdf-ms Handle ID: 0x1140 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms Handle ID: 0xee0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_schemas_eapmethods_2935fdc1307d3ad6.cdf-ms Handle ID: 0x824 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicestate_5273c861cc221018.cdf-ms Handle ID: 0x10bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms Handle ID: 0x10ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms Handle ID: 0xe08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot2_dcafaffaaa56ddae.cdf-ms Handle ID: 0x12b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_127d0a1d-4ef2-11d1-8608-00c04fc295ee__43d274f6525c55b6.cdf-ms Handle ID: 0xda4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_dcafaffa24ca18cc.cdf-ms Handle ID: 0x113c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__0f6ee2e4c9b287a4.cdf-ms Handle ID: 0x820 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_active_29d3e16aea6e0340.cdf-ms Handle ID: 0x115c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_internal_c92a000dc3e74fc1.cdf-ms Handle ID: 0x900 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_staged_276d48e6ef8844ae.cdf-ms Handle ID: 0x1134 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms Handle ID: 0x9f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_1277fa612e559336.cdf-ms Handle ID: 0x112c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_regback_2cc4cf1020372405.cdf-ms Handle ID: 0xb64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_9dec82772012c8ca.cdf-ms Handle ID: 0xbd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_92209b51227f4d2f.cdf-ms Handle ID: 0x8c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_locallow_ecfb9e22d0b5fdec.cdf-ms Handle ID: 0xa80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_local_bceee85fd37df118.cdf-ms Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_roaming_3488f27ae602299c.cdf-ms Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms Handle ID: 0x116c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstate_a5318eeab3dff807.cdf-ms Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstate_devices_144618422831c928.cdf-ms Handle ID: 0xa08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_driverdata_4e302c7c62b76407.cdf-ms Handle ID: 0xb88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_etc_a531967eb3dfecbd.cdf-ms Handle ID: 0xe6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0xb40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-gb_429cb20e84dc9fef.cdf-ms Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0xcf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_es-mx_429cdb1e84dc62e4.cdf-ms Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_downlevel_3ccc30959b90736e.cdf-ms Handle ID: 0xbe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms Handle ID: 0xd64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fr-ca_448327328202f0a1.cdf-ms Handle ID: 0xe70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_grouppolicyusers_dc4bf95b336ab265.cdf-ms Handle ID: 0x8a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_grouppolicy_8e35dabe44804e33.cdf-ms Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms Handle ID: 0xd14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms Handle ID: 0xd48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms Handle ID: 0xef4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms Handle ID: 0x8a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_sam_5b4992809d2e7248.cdf-ms Handle ID: 0x948 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_scm_5b4992849d2e7236.cdf-ms Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_wmi_5b4992089d2e731c.cdf-ms Handle ID: 0xd0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_logfiles_wmi_rtbackup_03b1b65215e9856c.cdf-ms Handle ID: 0xb50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms Handle ID: 0xb70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x92c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms Handle ID: 0x7f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms Handle ID: 0xa68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms Handle ID: 0xd2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_rastoast_f92eb3787fa05917.cdf-ms Handle ID: 0xbc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms Handle ID: 0xd18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ras_06656461d047b86c.cdf-ms Handle ID: 0x9ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ras_sstpproxy_454ca701ebc80170.cdf-ms Handle ID: 0xf20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms Handle ID: 0x830 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms Handle ID: 0x118c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms Handle ID: 0xb0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms Handle ID: 0xd78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_06656483d047b9b9.cdf-ms Handle ID: 0xca0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_manifests_0e3cdef1f9ad7c5f.cdf-ms Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_schema_b445cd341d59fadc.cdf-ms Handle ID: 0xc58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_store_500af0907ede5ff6.cdf-ms Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_smi_store_machine_f7f45ee58c75b061.cdf-ms Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x11a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sr-latn-rs_36d1e04b1e65a349.cdf-ms Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_autorecover_78e2d7bf652dcf48.cdf-ms Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_logs_1fef5bbcc5e77768.cdf-ms Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_repository_3ba7d111b51b3c3b.cdf-ms Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_tmf_026f0fb07227ea72.cdf-ms Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_winevt_39519e6af36cf6a7.cdf-ms Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_winevt_logs_2ccd04a261f738ce.cdf-ms Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms Handle ID: 0xd54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms Handle ID: 0x950 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_config_397022e597c7bf30.cdf-ms Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_config_regback_520dcf8c985ef2ff.cdf-ms Handle ID: 0x11d4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_driverstore_9d5a0097549f0abb.cdf-ms Handle ID: 0x8b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_drivers_193c6528ad70a5e7.cdf-ms Handle ID: 0xfc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0x11d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x904 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_1bf253f5a7664eed.cdf-ms Handle ID: 0x11b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_manifests_3a5de332226f42b3.cdf-ms Handle ID: 0xc44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_store_7b60732feba1c4a2.cdf-ms Handle ID: 0x990 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_smi_store_machine_d77e364e5a797f0d.cdf-ms Handle ID: 0x11b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_1bf25d11bb30b33f.cdf-ms Handle ID: 0xdd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_autorecover_e1421be265f17780.cdf-ms Handle ID: 0x1230 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_logs_4b44de5c32aadc14.cdf-ms Handle ID: 0xb54 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_repository_a407152b7f5ece07.cdf-ms Handle ID: 0x1238 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wbem_xml_3f8ffc24c43a2ff4.cdf-ms Handle ID: 0x123c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_downlevel_6821b3350853d81a.cdf-ms Handle ID: 0xa84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms Handle ID: 0x8cc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_tracing_bca9e27848ac4cc0.cdf-ms Handle ID: 0x910 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_3f582555a4c8be22.cdf-ms Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_08335f148b847d02.cdf-ms Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_application_85e0c568acb2deec.cdf-ms Handle ID: 0xfe8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_vss_writers_system_e29eb58bafd8a559.cdf-ms Handle ID: 0x968 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_waas_401032e7a18c2040.cdf-ms Handle ID: 0x1264 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_waas_services_ddfc4ae175ff1678.cdf-ms Handle ID: 0xdc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_winsxs_installtemp_a7200a27e5239119.cdf-ms Handle ID: 0xa4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms Handle ID: 0xbec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms Handle ID: 0x117c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_network_connections_2e5c3accd04dd407.cdf-ms Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_2e1ff34936d2e8e5.cdf-ms Handle ID: 0xf28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_gameexplorer_eb83b477ca9834cc.cdf-ms Handle ID: 0xbb8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_onesettings_d58936a49a7f4b26.cdf-ms Handle ID: 0x101c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_startup_b13751030220a596.cdf-ms Handle ID: 0x1024 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_templates_15e72976404301fc.cdf-ms Handle ID: 0x1074 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportarchive_5449504010b82c41.cdf-ms Handle ID: 0x83c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportqueue_9ca35f30fc68b178.cdf-ms Handle ID: 0x105c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_temp_783673b09e921b6b.cdf-ms Handle ID: 0x1084 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wfp_1409fc168e700932.cdf-ms Handle ID: 0x934 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x1274 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_bc5dd6ae41aaaeeb.cdf-ms Handle ID: 0x1270 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_3433db0fbe07ab7f.cdf-ms Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windowsapps_522fbbfd57c17136.cdf-ms Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_9e28651fd972d480.cdf-ms Handle ID: 0x858 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_gameexplorer_5a14824a005868dd.cdf-ms Handle ID: 0x99c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_history_f4337fe0129e212c.cdf-ms Handle ID: 0x9c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcache_93b6f38324ca2118.cdf-ms Handle ID: 0xac0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcookies_706c818672b5499f.cdf-ms Handle ID: 0x1098 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_local_temp_3274946c96022019.cdf-ms Handle ID: 0x1278 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_network_shortcuts_cbcbd4ac7028a985.cdf-ms Handle ID: 0x1080 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_recent_ca449f9bba09f987.cdf-ms Handle ID: 0xab4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_sendto_cc2b2363b7303311.cdf-ms Handle ID: 0x127c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessories_73cb70a3fcd6fd42.cdf-ms Handle ID: 0xe24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_system_tools_b726d34a5a5ca66e.cdf-ms Handle ID: 0x1078 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_templates_9327e87141b4e78f.cdf-ms Handle ID: 0x984 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_desktop_39aa59e1159d1203.cdf-ms Handle ID: 0xc20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_documents_a9a4e48ccdf32dcf.cdf-ms Handle ID: 0x95c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_downloads_d0a063ac92c2c070.cdf-ms Handle ID: 0x10e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_favorites_d09a481c8ccc2a28.cdf-ms Handle ID: 0x10ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_links_4064ed15230be7d0.cdf-ms Handle ID: 0x10f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_music_4066f7392302d756.cdf-ms Handle ID: 0xde4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_pictures_209185c2b71537e4.cdf-ms Handle ID: 0x10c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_saved_games_57aaea1c026aa551.cdf-ms Handle ID: 0x107c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_videos_4078dfd58aff2cd5.cdf-ms Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_8c076a3be22985a1.cdf-ms Handle ID: 0xcd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_desktop_2377dac7383055bd.cdf-ms Handle ID: 0xabc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_documents_70461e22eba239ef.cdf-ms Handle ID: 0xab8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_downloads_631cc37cff593fe6.cdf-ms Handle ID: 0xb60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_libraries_de6591322faedac0.cdf-ms Handle ID: 0x10fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_music_8c1f3dc399e79184.cdf-ms Handle ID: 0x1100 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_pictures_f5e7b0c0fda4db8c.cdf-ms Handle ID: 0x10c8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_public_videos_20f7329ef941f593.cdf-ms Handle ID: 0xe0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:00 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32_31bf3856ad364e35_10.0.19041.1_none_221a3861b159743a\shell32.dll.mun Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.19041.1_en-us_97b67612f5fefc64\bootres.dll.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..se-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_cfcf9eab1d4356c7\basebrd.dll.mui Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..servicing.resources_31bf3856ad364e35_10.0.19041.1_en-us_221f998bb589fc86\bfsvc.exe.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-notepad.resources_31bf3856ad364e35_10.0.19041.1_en-us_d3d6e5956e57a60b\notepad.exe.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0c24a7fa21cc723\regedit.exe.mui Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_9282db59dc3419f7\lagcounterdef.ini Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:01 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aero.resources_31bf3856ad364e35_10.0.19041.1_en-us_f0379010f961da55\aero.msstyles.mui Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_d26e0637cf86d0d1\winresume.efi.mui Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winresume.efi.mui Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_10.0.19041.1_en-us_d26e0637cf86d0d1\winresume.exe.mui Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winresume.exe.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ws-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1e24b78f138956a\winload.efi.mui Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winload.efi.mui Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ws-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1e24b78f138956a\winload.exe.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c89c78983615cee\winload.exe.mui Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..collector.resources_31bf3856ad364e35_10.0.19041.1_en-us_68bde2d1a04456f8\DiagnosticsHub.StandardCollector.ServiceRes.dll.mui Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-d..ers-winpe.resources_31bf3856ad364e35_10.0.19041.1_en-us_975fc9d541a29a7b\PEProvider.dll.mui Handle ID: 0x11a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ers-winpe.resources_31bf3856ad364e35_10.0.19041.1_en-us_f37e6558fa000bb1\PEProvider.dll.mui Handle ID: 0x1260 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..-agilevpn.resources_31bf3856ad364e35_10.0.19041.1_en-us_d53c2a5780c0554a\agilevpn.sys.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_eeabdb05f6ee48e5\cdrom.sys.mui Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ineconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4eb35a66fea5b8c\cmimcext.sys.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_69a3ec4d68428b49\acpi.sys.mui Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mshdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_24636be4acc48ef5\ataport.sys.mui Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..itefilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_5220cedf75163124\fbwf.sys.mui Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc67b02583104975\disk.sys.mui Handle ID: 0xf60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d215b38a0ba5d9f4\dmvsc.sys.mui Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\dumpsd.sys.mui Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d9ede21b029ea84\hidbatt.sys.mui Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ager-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0a0dff57a77260bb\fltmgr.sys.mui Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_input.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d790c0a55c1391be\hidclass.sys.mui Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_machine.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafe1ef88d632cf1\isapnp.sys.mui Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\kbdhid.sys.mui Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\kbdclass.sys.mui Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipmidrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe04272f5af8f8fd\IPMIDRV.sys.mui Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\mouhid.sys.mui Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_f2fe3e4cdea49006\mountmgr.sys.mui Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_01d9cddf1dc42162\afd.sys.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\mouclass.sys.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\i8042prt.sys.mui Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mssmbios.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4828162943df97b\mssmbios.sys.mui Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mtconfig.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30aa9dc9643c7203\MTConfig.sys.mui Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..irtualbus.resources_31bf3856ad364e35_10.0.19041.1_en-us_ac0b3c7d0a7b529a\NdisVirtualBus.sys.mui Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndisuio.resources_31bf3856ad364e35_10.0.19041.1_en-us_5243fbc0ded0c5bf\ndisuio.sys.mui Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..terdriver.resources_31bf3856ad364e35_10.0.19041.1_en-us_80342690e638a891\fvevol.sys.mui Handle ID: 0xfec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup.resources_31bf3856ad364e35_10.0.19041.1_en-us_964559f67670676e\mup.sys.mui Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\parport.sys.mui Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_b41cd326ea03d7cd\partmgr.sys.mui Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pdc.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5359bd391fe0ec7\pdc.sys.mui Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_167169796afde604\netvsc.sys.mui Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8e6664975a31d2e\http.sys.mui Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_de7e3bb1542b73c9\pcmcia.sys.mui Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad4386f1e498a588\processr.sys.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ac94a7992f963bc\pci.sys.mui Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rdbss.resources_31bf3856ad364e35_10.0.19041.1_en-us_dae8180a06c68b0a\rdbss.sys.mui Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.s..rt_driver.resources_31bf3856ad364e35_10.0.19041.1_en-us_06f0463a8ffb0862\scsiport.sys.mui Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e6820a3a67d132b\scmbus.sys.mui Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs-v1.resources_31bf3856ad364e35_10.0.19041.1_en-us_015b430cf72af3e4\refsv1.sys.mui Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9567ad83a0d7d2c3\sdstor.sys.mui Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_25513bd94ea29285\nvdimm.sys.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\sermouse.sys.mui Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\sdbus.sys.mui Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pmem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_181ef79b6d283f1d\pmem.sys.mui Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refs.resources_31bf3856ad364e35_10.0.19041.1_en-us_68c01a3fbb588324\refs.sys.mui Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\serial.sys.mui Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..os-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_0bf40dc511913ae2\storqosflt.sys.mui Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad377322445ff73a\usbstor.sys.mui Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ndis.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c0ba3b1930f1c42\ndis.sys.mui Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacdrv.sys.mui Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f4c02d18a0b961\tpm.sys.mui Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_10.0.19041.1_en-us_f52979919311afd5\mrxsmb.sys.mui Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ifier-xdv.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2472aa08b42b57f\VerifierExt.sys.mui Handle ID: 0x11a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\vmbus.sys.mui Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volmgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0939b1bd5303163\volmgr.sys.mui Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbhub.sys.mui Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..memanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a8499cf2748e5aa\volmgrx.sys.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorflt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53bde37991dff607\vmstorfl.sys.mui Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ellibrary.resources_31bf3856ad364e35_10.0.19041.1_en-us_d37782f39a9ff8fa\wdf01000.sys.mui Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\wfplwfs.sys.mui Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cafa91c1196c1cf\USBXHCI.SYS.mui Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hiddigi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ecddc2d575d046f0\wacompen.sys.mui Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071ca90aef89fb5c\vdrvroot.sys.mui Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-ws2ifsl.resources_31bf3856ad364e35_10.0.19041.1_en-us_dfa661fa6e1ce851\ws2ifsl.sys.mui Handle ID: 0xffc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..layfilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb4aaced1e956418\wof.sys.mui Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vhdmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a05990b658517951\vhdmp.sys.mui Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_3ware.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb73c27a8a348f7c\3ware.inf_loc Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_69a3ec4d68428b49\acpi.inf_loc Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_1394.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_18abfb34c13d1e13\1394.inf_loc Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpidev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a1168fca20107098\AcpiDev.inf_loc Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpipagr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_81ed51eb46f200bd\acpipagr.inf_loc Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_acpitime.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_00ed29b0a1af03fe\acpitime.inf_loc Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdgpio2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071727247d4b9b6d\AMDGPIO2.inf_loc Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdi2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b44c7b4a3610ffa\AMDI2C.inf_loc Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30a183fa06c34f68\USBHUB3.SYS.mui Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_adp80xx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df8614f20a01459d\adp80xx.inf_loc Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdsata.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f61df630eb0c2b11\amdsata.inf_loc Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_amdsbs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8078ca9d04cdbac0\AMDSBS.inf_loc Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbport.sys.mui Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_basicdisplay.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef20656b7106b82c\basicdisplay.inf_loc Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_basicrender.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4284d3375f71b9a4\BasicRender.inf_loc Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_battery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1ae2ca39d951ff1d\battery.inf_loc Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_buttonconverter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d50b9ac6c88aca\buttonconverter.inf_loc Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_eeabdb05f6ee48e5\cdrom.inf_loc Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aa34a00fd92c68f\ntfs.sys.mui Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_arcsas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_087bc2f3557d59f3\arcsas.inf_loc Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4sx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b842c4caa709c970\cht4sx64.inf_loc Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cmbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_05d01a77a31b22e9\cmbatt.inf_loc Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_nettrans.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3e17bf3da9763d4\c_nettrans.inf_loc Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_ne..rvice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0efd6fb5e7c3b2e9\c_netservice.inf_loc Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_wceusbs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbc5625120424a96\c_wceusbs.inf_loc Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_volsnap.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f10129f07919aaf9\c_volsnap.inf_loc Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d088999d27449a54\c_usbfn.inf_loc Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2078850c976d2d44\c_usb.inf_loc Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_unknown.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_feb9fba146835368\c_unknown.inf_loc Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_system.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f8c54ae1d45eb4b7\c_system.inf_loc Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcardfilter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_72075751babf5dc7\c_smartcardfilter.inf_loc Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d199d2ff9bb1564b\c_smartcard.inf_loc Handle ID: 0xf60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_securitydevices.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_500dd0edcc8d8195\c_securitydevices.inf_loc Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sdhost.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d4107e01753addd7\c_sdhost.inf_loc Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sbp2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_690d1ff258d72c31\c_sbp2.inf_loc Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_printer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97be91b029c2a806\c_printer.inf_loc Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_ports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa48532b71d7f47c\c_ports.inf_loc Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_pnpprinters.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8670f1bf172d66bf\c_pnpprinters.inf_loc Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f85134649ee7693d\c_pcmcia.inf_loc Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb1d995f4ea9d4f2\c_multiportserial.inf_loc Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_multifunction.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fda6760d5c07176b\c_multifunction.inf_loc Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mtd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7baab7dea4440a3\c_mtd.inf_loc Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_modem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_613fe2bafe37ec6a\c_modem.inf_loc Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_memory.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c8539a829c1c8b\c_memory.inf_loc Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_legacydriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc6a8f9c4beb94bf\c_legacydriver.inf_loc Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_hidclass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_acb7624fe6a5e203\c_hidclass.inf_loc Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_dot4print.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_543f1a94d06bb420\c_dot4print.inf_loc Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_dot4.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb3a876a15cdcdeb\c_dot4.inf_loc Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_computer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_334099b181eba155\c_computer.inf_loc Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_bluetooth.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e3c515351903d04\c_bluetooth.inf_loc Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_biometric.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_058d0d809f4f9960\c_biometric.inf_loc Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_battery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7eb6238b44c72911\c_battery.inf_loc Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_avc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e997cb352f5383aa\c_avc.inf_loc Handle ID: 0x1164 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_61883.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_07f6564378d8befa\c_61883.inf_loc Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_1394.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b60fa7006b7bc33f\c_1394.inf_loc Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-volsnap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3c77729d2d39b27\volsnap.sys.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cpu.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad4386f1e498a588\cpu.inf_loc Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_apo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_becf38149a60e628\c_apo.inf_loc Handle ID: 0x11a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbd42ccfce385e2d\spaceport.sys.mui Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4nulx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5f0ab577b0763a0a\cht4nulx64.inf_loc Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_camera.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4eefb5dcf0fc0a7\c_camera.inf_loc Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_usbdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f156093de8c7252\c_usbdevice.inf_loc Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_tapedrive.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0e191f0a69a05688\c_tapedrive.inf_loc Handle ID: 0xfec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scsiadapter.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8ace7064f2c636d\c_scsiadapter.inf_loc Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mediumchanger.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0de1f9f10ff6b8f\c_mediumchanger.inf_loc Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_hdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f56320382a22a1df\c_hdc.inf_loc Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_floppydisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4e0c091a021d5487\c_floppydisk.inf_loc Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dee59a767afd8bfd\c_fdc.inf_loc Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_35ab524ee8e8640b\c_cdrom.inf_loc Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_cht4vx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f0724b4a4723ac33\cht4vx64.inf_loc Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver-v2.resources_31bf3856ad364e35_10.0.19041.1_en-us_e6ec473acfdb3608\srv2.sys.mui Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_computeaccelerator.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_82583126df093074\c_computeaccelerator.inf_loc Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_b57nd60a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_73104e6df57778dd\b57nd60a.inf_loc Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_diskdrive.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_99aaa3b9a46f5c07\c_diskdrive.inf_loc Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_display.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2884ec2111de828\c_display.inf_loc Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_extension.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc290077fb46ced2\c_extension.inf_loc Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_firmware.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4f4e0388619c2f7\c_firmware.inf_loc Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsactivitymonitor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a726c775ee528f6\c_fsactivitymonitor.inf_loc Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsantivirus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e8a3ad9373ab26d0\c_fsantivirus.inf_loc Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscfsmetadataserver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4c19aebdcfad1d3\c_fscfsmetadataserver.inf_loc Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscompression.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1fa2e64b417bac13\c_fscompression.inf_loc Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscontentscreener.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c6f7a9733a46dbf\c_fscontentscreener.inf_loc Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscontinuousbackup.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f57e26eb2c97e48\c_fscontinuousbackup.inf_loc Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fscopyprotection.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_932ee91eba631169\c_fscopyprotection.inf_loc Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsencryption.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_12c48ebdb6b08f2c\c_fsencryption.inf_loc Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fshsm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e70c9980bf906c51\c_fshsm.inf_loc Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsinfrastructure.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_59f5e236507335be\c_fsinfrastructure.inf_loc Handle ID: 0x11a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsopenfilebackup.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2aa71f4e335f00a1\c_fsopenfilebackup.inf_loc Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsphysicalquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3084b4038c52cfc3\c_fsphysicalquotamgmt.inf_loc Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cd245fb0bbfdc24\c_fsquotamgmt.inf_loc Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_bnxtnd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_625ced9cec7e02d0\bnxtnd.inf_loc Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsreplication.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a7c8497775436d1\c_fsreplication.inf_loc Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssecurityenhancer.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a0dbc36ca525af79\c_fssecurityenhancer.inf_loc Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssystem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7739ae28058068ac\c_fssystem.inf_loc Handle ID: 0x1260 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fssystemrecovery.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8576afa64c6d0b5b\c_fssystemrecovery.inf_loc Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsundelete.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_adcad7123c92f31b\c_fsundelete.inf_loc Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_fsvirtualization.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_413897ee35c40e4a\c_fsvirtualization.inf_loc Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_image.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_66fe9c814b19361c\c_image.inf_loc Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_infrared.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d290e6c3e59d8b6d\c_infrared.inf_loc Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smartcardreader.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_299bea1855072cfa\c_smartcardreader.inf_loc Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c63c716dd4b8ea61\c_mouse.inf_loc Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba971b8f818ffa97\c_keyboard.inf_loc Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_mcx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4b30b89252a6816\c_mcx.inf_loc Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_media.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_64e5ca1dfef06e34\c_media.inf_loc Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_monitor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ba2d96d8d1617d0\c_monitor.inf_loc Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ef517d861ab8bfd\tcpip.sys.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-winpe__c_net.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8a9de4e45233aae8\c_net.inf_loc Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_netdriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bb0d3822d84626d\c_netdriver.inf_loc Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_processor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_efe2f39b6183cf7e\c_processor.inf_loc Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_proximity.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5d4a3231f166c07\c_proximity.inf_loc Handle ID: 0x125c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scmdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_da2f3464feeb9e82\c_scmdisk.inf_loc Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_scmvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_274dc8e89da352e1\c_scmvolume.inf_loc Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9c2be843fdc9452d\c_smrdisk.inf_loc Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_873df249fcda56f6\c_smrvolume.inf_loc Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_550a59db0f5621b0\c_sslaccel.inf_loc Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_swcomponent.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ebbeb1eafbc08f5f\c_swcomponent.inf_loc Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_swdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c528fd7176b0948\c_swdevice.inf_loc Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_ucm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_71cdf38e70f13729\c_ucm.inf_loc Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_c_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_967fed3868e66714\c_volume.inf_loc Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc67b02583104975\disk.inf_loc Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_dc21x4vm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b0f1d19dad31335\dc21x4vm.inf_loc Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_errdev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5586319204196c24\errdev.inf_loc Handle ID: 0xffc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_fdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c3bf1a1759c9e111\fdc.inf_loc Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_flpydisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9f54e21a11bb1aa\flpydisk.inf_loc Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_genericusbfn.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5b33cb4822df779\genericusbfn.inf_loc Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_e2xw10x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1009dfe7ac500a7b\e2xw10x64.inf_loc Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hal.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f37bb3ff4cf58aaf\hal.inf_loc Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_halextintclpiodma.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f52bab9e1d8a2132\HalExtIntcLpioDma.inf_loc Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_halextpl080.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafc7a7e78c38aec\HalExtPL080.inf_loc Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_95158cf730b5589a\hdaudbus.inf_loc Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d9ede21b029ea84\hidbatt.inf_loc Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hiddigi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ecddc2d575d046f0\hiddigi.inf_loc Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidi2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_446adfd2698e55a5\hidi2c.inf_loc Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidinterrupt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d5be2e1db69bd88\hidinterrupt.inf_loc Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidspi_km.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7833d62c3e7a938\hidspi_km.inf_loc Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidvhf.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_00a2c8865b19c705\hidvhf.inf_loc Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hidserv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc2a12a5e4e77b7b\hidserv.inf_loc Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iagpio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_425241a3f2c823d7\iagpio.inf_loc Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iai2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4b53532800d581e2\iai2c.inf_loc Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hpsamd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b94f84a4bf1696bb\hpsamd.inf_loc Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_54336e46836d45b5\iaLPSS2i_GPIO2_BXT_P.inf_loc Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1aff042fdca6b9af\iaLPSS2i_GPIO2_CNL.inf_loc Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_glk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca0703bc07355f54\iaLPSS2i_GPIO2_GLK.inf_loc Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_gpio2_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_941dd277bd5aa2a2\iaLPSS2i_GPIO2_SKL.inf_loc Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d01977211c836f8c\iaLPSS2i_I2C_BXT_P.inf_loc Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_glk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9e201373da258c75\iaLPSS2i_I2C_GLK.inf_loc Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9cb669d76a02ffe0\iaLPSS2i_I2C_CNL.inf_loc Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpss2i_i2c_skl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_687c6aaf86e0dde3\iaLPSS2i_I2C_SKL.inf_loc Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpssi_gpio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76ba7f51e7cc24d5\ialpssi_gpio.INF_loc Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ialpssi_i2c.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_da74ee7a2e23cd0c\iaLPSSi_I2C.INF_loc Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iastorav.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a08116a658dd8d53\iastorav.inf_loc Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iastorv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ee508f7215b4e42\iastorv.inf_loc Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipmidrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe04272f5af8f8fd\ipmidrv.inf_loc Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iscsi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a34220a7c1295edd\iscsi.inf_loc Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_kdnic.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6a39b593cd0620bd\kdnic.inf_loc Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lltdio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d5953839c6abd90\lltdio.inf_loc Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_itsas35i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4b2659804152b7b\itSAS35i.inf_loc Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2a6fe6c18fc737e\lsi_sas.inf_loc Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sss.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7da15b6f3305a080\lsi_sss.inf_loc Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_65f0dfeed6d55baf\lsi_sas2i.inf_loc Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ipoib6x.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b609a6beb3bb889f\ipoib6x.inf_loc Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mausbhost.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_60d296e028e58b66\mausbhost.inf_loc Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_lsi_sas3i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9a80d390049f398\lsi_sas3i.inf_loc Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2218c3d9338d1ee7\megasas.inf_loc Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c705ef7f26fe9ca0\megasas2i.inf_loc Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mf.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76c26c832162157b\mf.inf_loc Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasas35i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a65e7d58dbc7d272\megasas35i.inf_loc Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_machine.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fafe1ef88d632cf1\machine.inf_loc Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mssmbios.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4828162943df97b\mssmbios.inf_loc Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mtconfig.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30aa9dc9643c7203\MTConfig.inf_loc Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_keyboard.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e499df0d0bbbbb23\keyboard.inf_loc Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msports.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bdfd7b65d29446fe\msports.inf_loc Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mvumis.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6bd3d2b7fd41dfb\mvumis.inf_loc Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mshdc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_24636be4acc48ef5\mshdc.inf_loc Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mlx4_bus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0832d82c8b6430a8\mlx4_bus.inf_loc Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mwlu97w8x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_721ec27a8766c338\mwlu97w8x64.inf_loc Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisimplatform.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6495c87605b878e1\NdisImPlatform.inf_loc Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mchgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_570dedefa84bacb1\mchgr.inf_loc Handle ID: 0xf44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_input.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d790c0a55c1391be\input.inf_loc Handle ID: 0xea8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisuio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_81896a850e566a6d\ndisuio.inf_loc Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msux64w10.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4626be9c5fa5183d\msux64w10.INF_loc Handle ID: 0x12b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisvirtualbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ddf1e53c2a9427f3\NdisVirtualBus.inf_loc Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ndisimplatformmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3f604b9e4185ac8\NdisImPlatformMp.inf_loc Handle ID: 0xe48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net44amd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_06de1174861a19c3\net44amd.inf_loc Handle ID: 0x944 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_msmouse.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8760c26735753ce3\msmouse.inf_loc Handle ID: 0x9e4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netavpna.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_1d99719d72b87bcd\netavpna.inf_loc Handle ID: 0xfec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net1yx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_acbc043198b5393b\net1yx64.inf_loc Handle ID: 0x814 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_14537e3ce66d098c\net7500-x64-n650f.inf_loc Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7400-x64-n650.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2251beb4c5c7dcf\net7400-x64-n650.inf_loc Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net9500-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c227ac32fd2e573a\net9500-x64-n650f.inf_loc Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netbvbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4419a66eb70a8ac\netbvbda.inf_loc Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netax88179_178a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a8afbb726a40cdf7\NETAX88179_178a.inf_loc Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net7800-x64-n650f.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_def76010b3bbbacf\net7800-x64-n650f.inf_loc Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netax88772.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bf57d5a86ae2c12a\NETAX88772.inf_loc Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_megasr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c49b51df611700ff\megasr.inf_loc Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6eb3f9339e604b9e\netimm.inf_loc Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netip6.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_411533700b52f05c\netip6.inf_loc Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_net1ix64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d58e447342d5d52b\net1ix64.inf_loc Handle ID: 0xf58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netg664.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b3036518870dac\netg664.inf_loc Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nete1e3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c698e2a23f23d8c6\nete1e3e.inf_loc Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl160a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6222a69bcf9c34d\netl160a.inf_loc Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netjme.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab3f79387ada282d\netjme.inf_loc Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netloop.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_503fb5282a4e178d\netloop.inf_loc Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl260a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_91d17268f257b98e\netl260a.inf_loc Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl1e64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae3a411481bf6ffb\netl1e64.inf_loc Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netefe3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0362be1e4b97d43b\neteFE3e.inf_loc Handle ID: 0x8f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netk57a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5205ba49a025de3\netk57a.inf_loc Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nete1g3e.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ac2561016d613d4\nete1g3e.inf_loc Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netl1c63x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad12f6b9ba0aa916\netl1c63x64.inf_loc Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmscli.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ee1b553e19ac22ed\netmscli.inf_loc Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_23e729dfc2b3f0bb\netnb.inf_loc Handle ID: 0xf4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a83f2c544e3fcfb1\netevbda.inf_loc Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrasa.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3742e14858d54ccc\netrasa.inf_loc Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_31a5414b1d0d2b5a\netrass.inf_loc Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnvma.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a25d156d7c8926f\netnvma.inf_loc Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrast.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2315bd90a7f3d429\netrast.inf_loc Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netserv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_653ad52140ef5069\Netserv.inf_loc Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnvm64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_177efc82da108066\netnvm64.inf_loc Handle ID: 0xf04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netbxnda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_98df9b0f6459f782\netbxnda.inf_loc Handle ID: 0xf48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netsstpa.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_084d6fe3e8ab4ae2\netsstpa.inf_loc Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmlx5.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d04b374d5faa45ed\netmlx5.inf_loc Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6553745f50881c0b\nettcpip.inf_loc Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmlx4eth63.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_509a6db24c24bc78\netmlx4eth63.inf_loc Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netmyk64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba79d1f6d6ddc5c4\netmyk64.inf_loc Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netvg63a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2dac0b7938786d6\netvg63a.inf_loc Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_25513bd94ea29285\nvdimm.inf_loc Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netvf63a.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f49aa1775e299095\netvf63a.inf_loc Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nvraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e20958c3e2e0dc7e\nvraid.inf_loc Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netrtl64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d8f1244d31e4ffb9\netrtl64.inf_loc Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netqevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f884fe3cceeff720\netqevbda.inf_loc Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ac94a7992f963bc\pci.inf_loc Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_nett4x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef4eba8f7fc9967b\nett4x64.inf_loc Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pmem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_181ef79b6d283f1d\pmem.inf_loc Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netxex64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d8b9290e52f4248\netxex64.inf_loc Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_percsas3i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bfb26d4b8d6e599\percsas3i.inf_loc Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rspndr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_76dc9c37000f2019\rspndr.inf_loc Handle ID: 0x1260 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_percsas2i.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e843f98a8f624db0\percsas2i.inf_loc Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_qd3x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dba9e55528ac2948\qd3x64.inf_loc Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sbp2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_698ec849d4f81b45\sbp2.inf_loc Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3e6820a3a67d132b\scmbus.inf_loc Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_311757bc5f52e3b0\volume.inf_loc Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f1eff5837296684c\smrvolume.inf_loc Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scmvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_714bc5c3eafbc787\scmvolume.inf_loc Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_pcmcia.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_de7e3bb1542b73c9\pcmcia.inf_loc Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9567ad83a0d7d2c3\sdstor.inf_loc Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sisraid2.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_754a204edd0f0d9f\sisraid2.inf_loc Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netxix64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_33fb3850baa71b4c\netxix64.inf_loc Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sisraid4.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fcb87ae32ff83d71\sisraid4.inf_loc Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smartsamd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_8588e8855f6ff254\SmartSAMD.inf_loc Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_354185f777dd0e79\smrdisk.inf_loc Handle ID: 0xf60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_sdbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0ac5bc47e450655\sdbus.inf_loc Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rtux64w10.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_11620f10817d5e71\rtux64w10.inf_loc Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rt640x64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97e16ac4c71ce8ac\rt640x64.inf_loc Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_bbd42ccfce385e2d\spaceport.inf_loc Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netqenda.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ae4708a5c6c73c8\netqenda.inf_loc Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_stexstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a309f5bbc8328172\STEXSTOR.inf_loc Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netelx.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_196b5dadc5c810b6\netelx.inf_loc Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_swenum.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_290071cd2ec341ed\swenum.inf_loc Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_storufs.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_db28a282598e9538\storufs.inf_loc Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_stornvme.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_97629f390a710428\stornvme.inf_loc Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f4c02d18a0b961\tpm.inf_loc Handle ID: 0x125c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_uaspstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_40ef14beeef02bab\uaspstor.inf_loc Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_scsidev.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3826b3f85d92e559\scsidev.inf_loc Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_uefi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5f55e23afe496b55\uefi.inf_loc Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ufxchipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_26743bedd817ad4e\ufxchipidea.inf_loc Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ufxsynopsys.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad3366575b4371b1\ufxsynopsys.inf_loc Handle ID: 0x11a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_umbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_74e8d13cb3a2fc96\umbus.inf_loc Handle ID: 0x11a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_tape.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d8d3f605e0b7376a\tape.inf_loc Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_umpass.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7f83ed651cda9271\umpass.inf_loc Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_unknown.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e6cc4fa17bf56da4\unknown.inf_loc Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbser.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f71c5a6fc324bee0\usbser.inf_loc Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbhub3.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30a183fa06c34f68\usbhub3.inf_loc Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_product-onecore__usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_6cafa91c1196c1cf\usbxhci.inf_loc Handle ID: 0xffc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vdrvroot.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_071ca90aef89fb5c\vdrvroot.inf_loc Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vhdmp.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a05990b658517951\vhdmp.inf_loc Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_virtdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd56640ae466af1e\virtdisk.inf_loc Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volmgr.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0939b1bd5303163\volmgr.inf_loc Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_volsnap.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9543879209b8745\volsnap.inf_loc Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vsmraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ceb6b8b928340c2\vsmraid.inf_loc Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_df0f6f89afc1a0e8\usb.inf_loc Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_vstxraid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e0e0cff64eb1c477\vstxraid.inf_loc Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d215b38a0ba5d9f4\wdmvsc.inf_loc Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_whyperkbd.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_927da2fb396c3afe\whyperkbd.inf_loc Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_412cb03a0b7a7f12\wdmaudio.inf_loc Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbstor.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad377322445ff73a\usbstor.inf_loc Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wmiacpi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d0bb86732bc23a8\wmiacpi.inf_loc Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorflt.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53bde37991dff607\wstorflt.inf_loc Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wstorvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0efce8a95b0255a7\wstorvsc.inf_loc Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\wvmbus.inf_loc Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbushid.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d1394aa83874dc9\wvmbushid.inf_loc Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wvmbusvideo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_c2e479249f02e0c3\wvmbusvideo.inf_loc Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wnetvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_167169796afde604\wnetvsc.inf_loc Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ykinx64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4055687bbea9193\ykinx64.inf_loc Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_usbport.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3fdd12d463484b9\usbport.inf_loc Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..apc-layer.resources_31bf3856ad364e35_10.0.19041.1_en-us_7be7a5cee15a57f2\adsldpc.dll.mui Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e347ed36a45fd81\activeds.dll.mui Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32.resources_31bf3856ad364e35_10.0.19041.1_en-us_ce7a85b750327612\advapi32.dll.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atl.resources_31bf3856ad364e35_10.0.19041.1_en-us_54eba4eaa26984df\atl.dll.mui Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-attrib.resources_31bf3856ad364e35_10.0.19041.1_en-us_96c8ce3d85e3c8dc\attrib.exe.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\arp.exe.mui Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_11.0.19041.1_en-us_210a558112d44067\advpack.dll.mui Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bf4ecc0039c575d\authui.dll.mui Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcrypt.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e5423567305fe78\bcrypt.dll.mui Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..t-strings.resources_31bf3856ad364e35_10.0.19041.1_en-us_d3c612fa621c9f6a\bootstr.dll.mui Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-brokerbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_5a7f62f12dac2520\BrokerLib.dll.mui Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6fed10e17ad6860\bcdboot.exe.mui Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-capisp-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_c9e2a305668ff2a7\capisp.dll.mui Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c1a13e5adfb2af2\chkdsk.exe.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ityclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_1ab0646e3f323fae\certcli.dll.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_10.0.19041.1_en-us_76bf1a170487a6bc\chkntfs.exe.mui Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_82175a59d98ac09a\chkwudrv.dll.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0c24a7fa21cc723\clb.dll.mui Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-commonlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_c849c8ae99dec2f9\clfs.sys.mui Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ectortool.resources_31bf3856ad364e35_10.0.19041.1_en-us_2bb281c48f9cbef4\bootsect.exe.mui Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-aclui.resources_31bf3856ad364e35_10.0.19041.1_en-us_f7c2e1b250493bfc\aclui.dll.mui Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\bfe.dll.mui Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ertca-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_2410d445bf18b55f\certca.dll.mui Handle ID: 0xf44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-advapi32res.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea3ae8cfbde65044\advapi32res.dll.mui Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-c..host-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c6d15e195ed1b14\Conhost.exe.mui Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..olehostv1.resources_31bf3856ad364e35_10.0.19041.1_en-us_31ca39347c9240f0\ConhostV1.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-compact.resources_31bf3856ad364e35_10.0.19041.1_en-us_83b3f4081a9cc6c7\compact.exe.mui Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..n-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_72a8a82fc2ed76e2\ConsoleLogon.dll.mui Handle ID: 0x1164 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_95c525353ceeef67\clusapi.dll.mui Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..r-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_89e92105cd6d77fe\CredProv2faHelper.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e70c9a2dd0624b1\combase.dll.mui Handle ID: 0x12b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..t-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a8672d636923f63\credprovhost.dll.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..s-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_4654f934d21cd8cf\credprovs.dll.mui Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..integrity.resources_31bf3856ad364e35_10.0.19041.1_en-us_af258e24ecb80d28\ci.dll.mui Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-c..propsheet.resources_31bf3856ad364e35_10.0.19041.1_en-us_b8246cc9e3f442f5\console.dll.mui Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..y-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_46656d40ca520a7e\credprovslegacy.dll.mui Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ab7e18695e9c9bb\cryptsvc.dll.mui Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptdlg-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb3b3dd8a19c2a90\cryptdlg.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_25638dfe55945840\cryptext.dll.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptxml.resources_31bf3856ad364e35_10.0.19041.1_en-us_228d271942fed13d\cryptxml.dll.mui Handle ID: 0xea8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_10.0.19041.1_en-us_9082189a80ce2580\csrss.exe.mui Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-csrsrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_33e94454343fe411\csrsrv.dll.mui Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..itybroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_6d730047761b7783\dab.dll.mui Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..brokerapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_0a34bde99d56d7a3\dabapi.dll.mui Handle ID: 0xbe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_7ad566f862dced56\bootcfg.exe.mui Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_en-us_a529a6c82f384a94\devicengccredprov.dll.mui Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dhcpcmonitor.resources_31bf3856ad364e35_10.0.19041.1_en-us_53fd1d316bd1264a\dhcpcmonitor.dll.mui Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..dateagent.resources_31bf3856ad364e35_10.0.19041.1_en-us_0edefd828ffbe416\DeviceUpdateAgent.dll.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-crypt32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_8417eb1259a3fb1a\crypt32.dll.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcsvc.dll.mui Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-defrag-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a0ddd00dd69a9dd\defragsvc.dll.mui Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bc14662e1d6e4fc\diagtrack.dll.mui Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcore.dll.mui Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ement-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_c893af9901455f1d\DismApi.dll.mui Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcore6.dll.mui Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ll-minwin.resources_31bf3856ad364e35_10.0.19041.1_en-us_eadb7e9616d487fb\dhcpcsvc6.dll.mui Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9533bba3db6cf75\cryptui.dll.mui Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd341401a09aa4a7\dnsrslvr.dll.mui Handle ID: 0xf58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\doskey.exe.mui Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapi-keys.resources_31bf3856ad364e35_10.0.19041.1_en-us_9eddcc16c540929b\dpapimig.exe.mui Handle ID: 0xb28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_10.0.19041.1_en-us_3572ebbc3147b987\cmd.exe.mui Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_8fc7ab7387f75d5a\Dism.exe.mui Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dpapisrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3d4f0e8a9e6c731\dpapisrv.dll.mui Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-drvload.resources_31bf3856ad364e35_10.0.19041.1_en-us_4f66b930f4e83ef6\drvload.exe.mui Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-duser.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b218626c22d85cd\duser.dll.mui Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..to-dssenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_80cf8fc70ddcd703\dssenh.dll.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dui70.resources_31bf3856ad364e35_10.0.19041.1_en-us_17b8cb4f02e55473\dui70.dll.mui Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..nager-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4b3633a231e4474\dwmapi.dll.mui Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-driverquery.resources_31bf3856ad364e35_10.0.19041.1_en-us_b303523261abd5aa\driverquery.exe.mui Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_en-us_38200a3bee0c73a9\bcdedit.exe.mui Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite.resources_31bf3856ad364e35_10.0.19041.1_en-us_477355286d9a4b82\DWrite.dll.mui Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd341401a09aa4a7\dnsapi.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_50f65a7eb567f702\dxgmms2.sys.mui Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b65e99e944619c\eappcfgui.dll.mui Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-graphics-wdi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e109cb8995f0d27e\dxgwdi.dll.mui Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_en-us_e011aea3bfdf2441\eappgnui.dll.mui Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapteap.resources_31bf3856ad364e35_10.0.19041.1_en-us_84727991456dd9d6\EapTeapAuth.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-efs-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_02d41c75ec2f1710\efssvc.dll.mui Handle ID: 0xf04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-expand.resources_31bf3856ad364e35_10.0.19041.1_en-us_40dea5a39ca5c65a\expand.exe.mui Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..host-peer.resources_31bf3856ad364e35_10.0.19041.1_en-us_e011aea3bfdf2441\eapphost.dll.mui Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\adtschema.dll.mui Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..t-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_5535197450a010c4\eapsvc.dll.mui Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\find.exe.mui Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\faultrep.dll.mui Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..iguration.resources_31bf3856ad364e35_10.0.19041.1_en-us_1860b2d45ce5351d\fcon.dll.mui Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\finger.exe.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\fixmapi.exe.mui Handle ID: 0x1260 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-settings.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a7c75abaff778\FlightSettings.dll.mui Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..e-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_c85ac9d1b2ed147c\efscore.dll.mui Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dfef4ac179f6223\fltlib.dll.mui Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskraid.resources_31bf3856ad364e35_10.0.19041.1_en-us_769822667dad7fbf\diskraid.exe.mui Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ca9b7f148978ef\ESENT.dll.mui Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ger-utils.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dfef4ac179f6223\fltMC.exe.mui Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa43e6777eda8f90\ETWESEProviderResources.dll.mui Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_10.0.19041.1_en-us_bcbad7a73a606643\autoconv.exe.mui Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_7725a91f1043b62d\gpapi.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hid-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_cdcd73f1d4aff533\hid.dll.mui Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_10.0.19041.1_en-us_ff7f152290ec3c23\autochk.exe.mui Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\hostname.exe.mui Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hid-user.resources_31bf3856ad364e35_10.0.19041.1_en-us_1b939d7f8a8ff478\hidserv.dll.mui Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-http-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b636906d1ad06fb\httpapi.dll.mui Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..utilities.resources_31bf3856ad364e35_11.0.19041.1_en-us_b4846b37ca23ac38\iertutil.dll.mui Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b126399ccf94de6\fveapi.dll.mui Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\ikeext.dll.mui Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9653cfdb8700a93\imapi.dll.mui Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ftp.resources_31bf3856ad364e35_10.0.19041.1_en-us_c80fd1913f47ebee\ftp.exe.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ltinstall.resources_31bf3856ad364e35_10.0.19041.1_en-us_66cdc97910f775ef\InfDefaultInstall.exe.mui Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lddmcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_50f65a7eb567f702\dxgkrnl.sys.mui Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..libraries.resources_31bf3856ad364e35_10.0.19041.1_en-us_326591e3ae91ad0c\iphlpapi.dll.mui Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_8f0cbcdfa9133f8e\imapi2.dll.mui Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_735d057c560c5710\ipsecsvc.dll.mui Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-icacls.resources_31bf3856ad364e35_10.0.19041.1_en-us_abbd2db726d27f31\ICacls.exe.mui Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-diskpart.resources_31bf3856ad364e35_10.0.19041.1_en-us_8688a8c5dd24bb5a\diskpart.exe.mui Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..deronline.resources_31bf3856ad364e35_10.0.19041.1_en-us_aaca3f9205cfd13a\joinproviderol.dll.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_7725a91f1043b62d\gpsvc.dll.mui Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kdscli.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c33b7f14f3f2940\KdsCli.dll.mui Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..-inputdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_343aeb95a5570e0e\input.dll.mui Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasifmon.resources_31bf3856ad364e35_10.0.19041.1_en-us_648c89538ca0acc7\ifmon.dll.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_iscsi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a34220a7c1295edd\iscsilog.dll.mui Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ipconfig.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dce3c6f9d16792f\ipconfig.exe.mui Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-keyiso.resources_31bf3856ad364e35_10.0.19041.1_en-us_c07c0ec5136e399a\keyiso.dll.mui Handle ID: 0x1200 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_14089ec954fee325\kmddsp.tsp.mui Handle ID: 0x11a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lmhsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aa56f36aaff7bbb\lmhsvc.dll.mui Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-kerberos.resources_31bf3856ad364e35_10.0.19041.1_en-us_34a3b4c6bc876a4e\kerberos.dll.mui Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..mplus.res.resources_31bf3856ad364e35_10.0.19041.1_en-us_590d912de16dd7ff\comres.dll.mui Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..r-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_fe7fbb95dff7b4d7\LogonController.dll.mui Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\lodctr.exe.mui Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_9282db59dc3419f7\lsm.dll.mui Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-h..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e04a925c1703735\microsoft-windows-hal-events.dll.mui Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\loadperf.dll.mui Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae13c63515af9e10\microsoft-windows-kernel-processor-power-events.dll.mui Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\fwpuclnt.dll.mui Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9b183f6124385f0\microsoft-windows-kernel-pnp-events.dll.mui Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_aedc447f1d8c3dd6\microsoft-windows-storage-tiering-events.dll.mui Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fsutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f1aced26e36b255\fsutil.exe.mui Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-pdc-events-container.resources_31bf3856ad364e35_10.0.19041.1_en-us_788a5c82574bc929\microsoft-windows-pdc.dll.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mpr.resources_31bf3856ad364e35_10.0.19041.1_en-us_70769b7fd35d9fbd\mpr.dll.mui Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mountvol.resources_31bf3856ad364e35_10.0.19041.1_en-us_39638b526478ade4\mountvol.exe.mui Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_99a264c4eaf8da47\mprext.dll.mui Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_10.0.19041.1_en-us_3c98e1d535f8dda2\lsasrv.dll.mui Handle ID: 0xf18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_10.0.19041.1_en-us_7892c6682e6258c8\MFC42u.dll.mui Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mfc42x.resources_31bf3856ad364e35_10.0.19041.1_en-us_7892c6682e6258c8\MFC42.dll.mui Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-drv.resources_31bf3856ad364e35_10.0.19041.1_en-us_03b55cc5252496f1\mpsdrv.sys.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\mapistub.dll.mui Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_e06c2db58995b0b9\mapi32.dll.mui Handle ID: 0xf4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msftedit.resources_31bf3856ad364e35_10.0.19041.1_en-us_90d13f9f19b6ba54\msftedit.dll.mui Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace.dll.mui Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5d563c5058a2e407\msctf.dll.mui Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\mrinfo.exe.mui Handle ID: 0xf60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..otect-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_528ccedea3450375\mskeyprotect.dll.mui Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d59c1b62dd5b21b\FirewallAPI.dll.mui Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-k..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b12b466d4976e89\microsoft-windows-kernel-power-events.dll.mui Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_3d59c1b62dd5b21b\mpssvc.dll.mui Handle ID: 0xa6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mssign32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73e85422933e8c6d\mssign32.dll.mui Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msports.resources_31bf3856ad364e35_10.0.19041.1_en-us_90f3ea967f6869de\msports.dll.mui Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_04ea8621d9d8a97d\ncpa.cpl.mui Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..cture-bsp.resources_31bf3856ad364e35_10.0.19041.1_en-us_83d24a0903134528\mswsock.dll.mui Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..tprov-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f7ffd832df84d58\ncryptprov.dll.mui Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e060bde0bc59c10\msv1_0.dll.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\ndadmin.exe.mui Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netbt.resources_31bf3856ad364e35_10.0.19041.1_en-us_0731f5f39ac2dc9f\netbtugc.exe.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ncrypt.resources_31bf3856ad364e35_10.0.19041.1_en-us_7feb0e02f5d5e82c\ncrypt.dll.mui Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.19041.1_en-us_7161ccbabaf3e8a0\nbtstat.exe.mui Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_en-us_ede48e8fc0a434c1\netcfg.exe.mui Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_823386dc6c818518\netiougc.exe.mui Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ingengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_db1c43d25c426c58\netcfgx.dll.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netjoin.resources_31bf3856ad364e35_10.0.19041.1_en-us_2d65915d710f1401\netjoin.dll.mui Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml30.resources_31bf3856ad364e35_10.0.19041.1_en-us_efafef48e62ac770\msxml3r.dll.mui Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\msobjs.dll.mui Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-netlogon.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5b4926dbe2db04b\netlogon.dll.mui Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup.resources_31bf3856ad364e35_10.0.19041.1_en-us_92d5e8b2f2f67484\NetSetupSvc.dll.mui Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b211b7129114be3\microsoft-windows-system-events.dll.mui Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\newdev.exe.mui Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netsh.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1b46d336c8eb4ca\netsh.exe.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..ut-ninput.resources_31bf3856ad364e35_10.0.19041.1_en-us_d616220101c3da79\Ninput.dll.mui Handle ID: 0xfbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mprmsg.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ad0e46d6d1f83ee\mprmsg.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-usermodensi.resources_31bf3856ad364e35_10.0.19041.1_en-us_f24223ac7f30b8f8\nsisvc.dll.mui Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\netstat.exe.mui Handle ID: 0x1164 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntasn1.resources_31bf3856ad364e35_10.0.19041.1_en-us_0c4256b46cd622b9\ntasn1.dll.mui Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_10.0.19041.1_en-us_70f9c6776213a4bd\neth.dll.mui Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nlasvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_25655490f27852f7\nlasvc.dll.mui Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-ntlanman.resources_31bf3856ad364e35_10.0.19041.1_en-us_fc073f291c1b8f1c\ntlanman.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1_en-us_28eefee5555bc47c\ntprint.exe.mui Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-msxml60.resources_31bf3856ad364e35_10.0.19041.1_en-us_8b845fd226b860f5\msxml6r.dll.mui Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_0ff6b176f939ed48\msaudite.dll.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..y-ntmarta.resources_31bf3856ad364e35_10.0.19041.1_en-us_3f9ec58679aea4ce\ntmarta.dll.mui Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_28fcbc0fbbe74e1f\newdev.dll.mui Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-openwith.resources_31bf3856ad364e35_10.0.19041.1_en-us_d926929c99816f6e\OpenWith.exe.mui Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netshell-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_04ea8621d9d8a97d\netshell.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntshrui.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae4091dbb3166e73\ntshrui.dll.mui Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\pathping.exe.mui Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c5aae9da6f5b804\pcwum.dll.mui Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-oleaccrc.resources_31bf3856ad364e35_10.0.19041.1_en-us_b649ce9d95e7ca66\oleaccrc.dll.mui Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-ole.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a47a3aec25548ee\ole32.dll.mui Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_en-us_0426d764e3f10dc7\nshwfp.dll.mui Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfdisk.dll.mui Handle ID: 0xffc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfnet.dll.mui Handle ID: 0x91c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_en-us_b5da0cd4eeee462b\imapi2fs.dll.mui Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfctrs.dll.mui Handle ID: 0x93c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfproc.dll.mui Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_en-us_db8562b276a70168\perfos.dll.mui Handle ID: 0xc90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpclean.resources_31bf3856ad364e35_10.0.19041.1_en-us_a943398c77854b81\pnpclean.dll.mui Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..nager-rll.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5ce5935f2ccce28\odbcint.dll.mui Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a1b5785f361c947\pnppolicy.dll.mui Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7eed11ea07bd4d1c\pnpui.dll.mui Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..cingstack.resources_31bf3856ad364e35_10.0.19041.1_en-us_42aac8453420acd4\poqexec.exe.mui Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_735d057c560c5710\polstore.dll.mui Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\ping.exe.mui Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1_en-us_28eefee5555bc47c\ntprint.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\print.exe.mui Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenvext.resources_31bf3856ad364e35_10.0.19041.1_en-us_96660d061e45297b\profext.dll.mui Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..npeplugin.resources_31bf3856ad364e35_10.0.19041.1_en-us_fba6acc62f22d2b3\PnPUnattend.exe.mui Handle ID: 0x8e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..minkernel.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f7e552c79c688a7\prflbmsg.dll.mui Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pshed.resources_31bf3856ad364e35_10.0.19041.1_en-us_498552201881e70c\pshed.dll.mui Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasautou.exe.mui Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7d22aa39e59cfe75\rasauto.dll.mui Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..-base-vpn.resources_31bf3856ad364e35_10.0.19041.1_en-us_1798d6af18f46a77\rasapi32.dll.mui Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnputil.resources_31bf3856ad364e35_10.0.19041.1_en-us_929eb5cc557f5194\pnputil.exe.mui Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_c78e49d648eafe5c\raschap.dll.mui Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasctrs.resources_31bf3856ad364e35_10.0.19041.1_en-us_761f89bd7d6d7bf2\rasctrs.dll.mui Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-raschap.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4aa96fdb56002b4\raschapext.dll.mui Handle ID: 0xf14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_14089ec954fee325\rasdiag.dll.mui Handle ID: 0xd98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..rvice-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_d4a7415c510717a5\rasmans.dll.mui Handle ID: 0xe14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ea63625f109f122\rasmbmgr.dll.mui Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-profsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_1cad2165a3d16b35\profsvc.dll.mui Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_9937e4f2c0954fcd\netmsg.dll.mui Handle ID: 0xf48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_e4333b5ebd7b1668\rdrleakdiag.exe.mui Handle ID: 0xf04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..n-cmdline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ec5f97876b2bef00\powercfg.exe.mui Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recover.resources_31bf3856ad364e35_10.0.19041.1_en-us_19341bd8495fd344\recover.exe.mui Handle ID: 0x11c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_bb340319c9c94b55\powrprof.dll.mui Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\replace.exe.mui Handle ID: 0xb68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-regsvr32.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf36865100575d06\regsvr32.exe.mui Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..lientcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_95c525353ceeef67\resutils.dll.mui Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_652b6f63c7d7c5dd\rastlsext.dll.mui Handle ID: 0xb28 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..ap-rastls.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a444baded9aa897\rastls.dll.mui Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-propsys.resources_31bf3856ad364e35_7.0.19041.1_en-us_4a8890ed170f3fda\propsys.dll.mui Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\netiohlp.dll.mui Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasrtutils.resources_31bf3856ad364e35_10.0.19041.1_en-us_9326bb2bb2334a5b\rtutils.dll.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..intmapper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a089d76598edf0e6\RpcEpMap.dll.mui Handle ID: 0xb74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa5b3dc03e55204b\route.exe.mui Handle ID: 0x82c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_en-us_698daebf9eb1b4d5\reg.exe.mui Handle ID: 0xac8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rundll32.resources_31bf3856ad364e35_10.0.19041.1_en-us_02bc904438c2428c\rundll32.exe.mui Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..to-rsaenh.resources_31bf3856ad364e35_10.0.19041.1_en-us_16a62acbc62312bf\rsaenh.dll.mui Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsess.exe.mui Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..i-printui.resources_31bf3856ad364e35_10.0.19041.1_en-us_1a72d2107dc73c0a\printui.dll.mui Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_7897f64125c10402\sacsvr.dll.mui Handle ID: 0x1260 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-robocopy.resources_31bf3856ad364e35_10.0.19041.1_en-us_6abbcc8b8fcc07e3\Robocopy.exe.mui Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sechost.resources_31bf3856ad364e35_10.0.19041.1_en-us_93136f66ce7ffac1\sechost.dll.mui Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-schannel.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d11d42ad8409f53\schannel.dll.mui Handle ID: 0x12b0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-refsutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa8d7acfdd7882d6\refsutil.exe.mui Handle ID: 0xed0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rpc-local.resources_31bf3856ad364e35_10.0.19041.1_en-us_51acac215ce8b77d\rpcrt4.dll.mui Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_87cbe14d4de4bd62\SHCore.dll.mui Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shlwapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_09c08624c36693a8\shlwapi.dll.mui Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc7274f372ed8e13\sfc.exe.mui Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shutdownux.resources_31bf3856ad364e35_10.0.19041.1_en-us_36aacb7f6bff451d\ShutdownUX.dll.mui Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_1fee549ac552b43c\services.exe.mui Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_10.0.19041.1_en-us_9a5b45e6fe928308\smss.exe.mui Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\smphost.dll.mui Handle ID: 0xa74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-pnpsysprep.resources_31bf3856ad364e35_10.0.19041.1_en-us_870ec821d56378ca\sppnp.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\srvsvc.dll.mui Handle ID: 0x129c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-smbserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_36f866b8332aaeff\sscore.dll.mui Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ineclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_02abb9877c778368\scecli.dll.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-setupapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2051dad616bfbe07\setupapi.dll.mui Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b7164f69301f883\subst.exe.mui Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_en-us_0739fe5d46d729eb\svchost.exe.mui Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-sam.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca714bf2ded4fd68\samsrv.dll.mui Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-svsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_68b9867325ec3faf\svsvc.dll.mui Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..mprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_155d8a8d329175f4\swprv.dll.mui Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f39397eb9eb1ed9\scesrv.dll.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasdlg.resources_31bf3856ad364e35_10.0.19041.1_en-us_6bff3fa1e7605439\rasdlg.dll.mui Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysclass.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfea6091084df19f\sysclass.dll.mui Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tapi2xclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_9eff89d194dc48d3\tapi32.dll.mui Handle ID: 0x1200 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ntsbroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_cd5e1703fb559393\SystemEventsBrokerServer.dll.mui Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxstrace.exe.mui Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e93e1af9be76663\Storprop.dll.mui Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-r..e-rassstp.resources_31bf3856ad364e35_10.0.19041.1_en-us_9ed054c8f82d3c7c\sstpsvc.dll.mui Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\sxs.dll.mui Handle ID: 0x11a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-timebroker.resources_31bf3856ad364e35_10.0.19041.1_en-us_d0696e9a20fe5354\TimeBrokerServer.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\sppc.dll.mui Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_en-us_c10bc33ae3f4a3aa\TrustedSignalCredProv.dll.mui Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..utilities.resources_31bf3856ad364e35_10.0.19041.1_en-us_422d1efffd701255\tracert.exe.mui Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-takeown.resources_31bf3856ad364e35_10.0.19041.1_en-us_6c295aa8904b0eb1\takeown.exe.mui Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsAuth.dll.mui Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef3b2554816b1504\slc.dll.mui Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eapttls.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2a853e22d141a77\TtlsCfg.dll.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..x-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a5d75c34ba6f636\TSSessionUX.dll.mui Handle ID: 0xa8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_823386dc6c818518\tcpipcfg.dll.mui Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rasmontr.resources_31bf3856ad364e35_10.0.19041.1_en-us_d5d2edf4eb729cbc\rasmontr.dll.mui Handle ID: 0x874 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l..skmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_a52a78f85b7ec197\taskmgr.exe.mui Handle ID: 0xf58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..atahelper.resources_31bf3856ad364e35_10.0.19041.1_en-us_eb00c854b52e87c6\tdh.dll.mui Handle ID: 0x9f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_a6b88435313203cc\umpo.dll.mui Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.19041.1_en-us_1f2bb353038d1523\unlodctr.exe.mui Handle ID: 0xa14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userenv.resources_31bf3856ad364e35_10.0.19041.1_en-us_79e35164c2cf79d2\userenv.dll.mui Handle ID: 0x8d0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_10.0.19041.1_en-us_45e1b3af71b01941\userinit.exe.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-userinitext.resources_31bf3856ad364e35_10.0.19041.1_en-us_94f4ba71a45d6fd4\userinitext.dll.mui Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-system-user-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_22e0c92c7b30cdfd\usermgr.dll.mui Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-pnp-umpnpmgr.resources_31bf3856ad364e35_10.0.19041.1_en-us_1bd351c127f6d03f\umpnpmgr.dll.mui Handle ID: 0xf4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_c072fc43c852c692\UIAutomationCore.dll.mui Handle ID: 0xccc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7bc14662e1d6e4fc\utcutil.dll.mui Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_en-us_f6d3d801594c601f\utildll.dll.mui Handle ID: 0x10dc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbfdd178d867fd99\vdsbas.dll.mui Handle ID: 0x1180 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-uxtheme.resources_31bf3856ad364e35_10.0.19041.1_en-us_cc110ce9e60367ee\uxtheme.dll.mui Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vds.exe.mui Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-user32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ef054dca7ac088\user32.dll.mui Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..kprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_e72971a2c1f6c25b\vdsvd.dll.mui Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_da49ed797c177968\vdsdyn.dll.mui Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..timezones.resources_31bf3856ad364e35_10.0.19041.1_en-us_39665f8e21240c1b\tzres.dll.mui Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rityzones.resources_31bf3856ad364e35_11.0.19041.1_en-us_586539fbebb0cc9c\urlmon.dll.mui Handle ID: 0xdac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_f5f9b416a9f26530\Websocket.dll.mui Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssapi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_e3b5e59f30ca6174\vsstrace.dll.mui Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-d..ier-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_830af9ea9aba3650\verifier.exe.mui Handle ID: 0xc14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_10.0.19041.1_en-us_b56aa669d807b6f4\webio.dll.mui Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFaultSecure.exe.mui Handle ID: 0xf64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9049899d62a0e4d\wer.dll.mui Handle ID: 0x1254 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9c7ae36f6e0f219\wevtapi.dll.mui Handle ID: 0xe58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..k-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e91adb05b98d4f\wersvc.dll.mui Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ae65cdb04194d8\verifiergui.exe.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_10.0.19041.1_en-us_2c7d6d4ece1acf99\WerFault.exe.mui Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_08f6da56337b289b\w32time.dll.mui Handle ID: 0xf7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-eventlog.resources_31bf3856ad364e35_10.0.19041.1_en-us_53f7dd16602c8a90\wevtsvc.dll.mui Handle ID: 0xfd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..er-common.resources_31bf3856ad364e35_10.0.19041.1_en-us_fbb670ada24a4e33\Windows.FileExplorer.Common.dll.mui Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-v..skservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_5801e9f68bdc3d85\vdsutil.dll.mui Handle ID: 0xc30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wincredui.resources_31bf3856ad364e35_10.0.19041.1_en-us_61e25015a031831a\wincredui.dll.mui Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wimgapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_cf48a18a5fdfb544\wimgapi.dll.mui Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ontroller.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1322100908d69a1\Windows.UI.CredDialogController.dll.mui Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winbio.resources_31bf3856ad364e35_10.0.19041.1_en-us_51cbd1658a9e8304\winbio.dll.mui Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb569e49a9e4cc22\wininit.exe.mui Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-win32kbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_d6afa8b21943e171\win32kbase.sys.mui Handle ID: 0xfbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea8a56fd969c14c6\wevtutil.exe.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..core-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_201c821693305023\winmmbase.dll.mui Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.19041.1_en-us_65e4d1beb3d1f96f\winhttp.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..mentation.resources_31bf3856ad364e35_11.0.19041.1_en-us_0233336163e096a7\wininet.dll.mui Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\winpeshl.exe.mui Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..temclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_882f8b99a2f630ef\WinSCard.dll.mui Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\winsockhc.dll.mui Handle ID: 0xdd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e85c098fb7f7a14\ntdll.dll.mui Handle ID: 0x8fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e70c9a2dd0624b1\wintypes.dll.mui Handle ID: 0xbfc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanutil.resources_31bf3856ad364e35_10.0.19041.1_en-us_19ec72bf503086d4\wlanutil.dll.mui Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winsrv.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3ba4d44a3c97f27\winsrv.dll.mui Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_10.0.19041.1_en-us_80e99f0ea373f8b5\winlogon.exe.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-o..t-storage.resources_31bf3856ad364e35_10.0.19041.1_en-us_6910ea60b47c64f0\windows.storage.dll.mui Handle ID: 0xaf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ldap-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_915cf6e0c6649f87\wldap32.dll.mui Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_86ddc39268efcf81\winmm.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..eprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_193efb2cb0113a35\wmiprop.dll.mui Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wldp.resources_31bf3856ad364e35_10.0.19041.1_en-us_e1df6e92b40dd5f7\wldp.dll.mui Handle ID: 0xbe0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ngsclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_b45a35e2ca3bc553\wosc.dll.mui Handle ID: 0xcc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..onservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d9899a205ad9bf0\wkssvc.dll.mui Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wship6.dll.mui Handle ID: 0xaf4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_en-us_191f132b3e6a20ca\wshtcpip.dll.mui Handle ID: 0xef0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winpe_tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_dbfd617ca96275f5\wpeutil.dll.mui Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_10.0.19041.1_en-us_63ce793a38227711\wshelper.dll.mui Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ck-legacy.resources_31bf3856ad364e35_10.0.19041.1_en-us_01acc92f39697d8a\wsock32.dll.mui Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4008a5924567538\ws2_32.dll.mui Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..er-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_7a8494abb092d578\winspool.drv.mui Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ocale-nls.resources_31bf3856ad364e35_10.0.19041.1_en-us_92f5de385d9dc263\winnlsres.dll.mui Handle ID: 0x11a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c4a82d26159d7480\webservices.dll.mui Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shell32.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ad41d78392a6f\shell32.dll.mui Handle ID: 0x1164 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..libraries.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9d5d1b37e0ee7d0\ulib.dll.mui Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_en-us_a7c23b7b252bca10\SxsMigPlugin.dll.mui Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32.resources_31bf3856ad364e35_10.0.19041.1_en-us_f30bd101c4a20012\kernel32.dll.mui Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1_en-us_2e0dc83355e5b510\KernelBase.dll.mui Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace_uninstall.mfl Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wsp-spaces.resources_31bf3856ad364e35_10.0.19041.1_en-us_50be0500bcbad1d2\mispace.mfl Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru_uninstall.mfl Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\ncprov.mfl Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.19041.1_en-us_1540b052425beb5b\smbwmiv2.mfl Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\ScrCons.mfl Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\subscrpt.mfl Handle ID: 0xd88 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\smtpcons.mfl Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmi.mfl Handle ID: 0xe98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\secrcw32.mfl Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_en-us_d9389be11d868c46\WbemCons.mfl Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\interop.mfl Handle ID: 0xa6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\wmipcima.mfl Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\system.mfl Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.19041.1_en-us_84bc5f488e890c95\SmbLocalization.psd1 Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_231dcaf45f48dc9c\cimwin32.mfl Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_pcat_en-us_da440b72296cc45e.cdf-ms Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_resources_en-us_3393f588464e4d11.cdf-ms Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_branding_basebrd_en-us_51c0631d4347f350.cdf-ms Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_help_mui_0409_c7942094fabea651.cdf-ms Handle ID: 0xd34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_en-us_0ef70046e1d1b811.cdf-ms Handle ID: 0xa20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0xf18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_0409_b44cb59d03cf68aa.cdf-ms Handle ID: 0xc08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_lsm_b45be09c559d6e1d.cdf-ms Handle ID: 0x924 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms Handle ID: 0x1248 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms Handle ID: 0x1210 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x1244 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_fbee56ab048ab239.cdf-ms Handle ID: 0xf70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_3fd78bf4cb5fa2c4.cdf-ms Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_resources_themes_aero_en-us_ab16867f204414fa.cdf-ms Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_0409_06652563df2ff0c1.cdf-ms Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_boot_en-us_bd4746182a790f00.cdf-ms Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_en-us_30b82d6497b06504.cdf-ms Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_en-us_064f3ab06d0848d3.cdf-ms Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0xec8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_en-us_b8ba9f5b7f1c3933.cdf-ms Handle ID: 0xf44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_en-us_815d10948a0810a2.cdf-ms Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0x1200 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_en-us_afb84194eaac32a1.cdf-ms Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0x1228 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_en-us_c5f337028c1b1b59.cdf-ms Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_triedit_en-us_59ae2daa07429081.cdf-ms Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_en-us_9c12689ac1360dc2.cdf-ms Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_msadc_en-us_58bb034fa66b57cc.cdf-ms Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:02 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_system_ole_db_en-us_5ff73071fce05070.cdf-ms Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel-languages_31bf3856ad364e35_10.0.19041.1_none_755485689bff7973\tipresx.dll Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TabTip.exe.mui Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tkeyboard.resources_31bf3856ad364e35_10.0.19041.1_en-us_9e1a6f1ae580eb2b\tabskb.dll.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxpad.xml Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insert.xml Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_10.0.19041.1_en-us_c7530040e79a9aee\TipTsf.dll.mui Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypad.xml Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearui.xml Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenu.xml Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknav.xml Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpad.xml Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-us_68ce1881981b1956\tipresx.dll.mui Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpred.xml Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbols.xml Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\auxbase.xml Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\keypadbase.xml Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\insertbase.xml Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea.xml Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\kor-kor.xml Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\baseAltGr_rtl.xml Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base.xml Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_heb.xml Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_altgr.xml Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_jpn.xml Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_kor.xml Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_ca.xml Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\base_rtl.xml Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..nputpanel.resources_31bf3856ad364e35_10.0.19041.1_en-us_b30606e73c3e9798\TipRes.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskclearuibase.xml Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskmenubase.xml Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknavbase.xml Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\osknumpadbase.xml Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\oskpredbase.xml Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ea-sym.xml Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-changjei.xml Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp-sym.xml Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-dayi.xml Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\main.xml Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\zh-phonetic.xml Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ko-kr.xml Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\ja-jp.xml Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\symbase.xml Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\RecEnv.exe.mui Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\StartRep.exe.mui Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hh.exe Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\BCD Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\BCD Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..d-bootfix.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ff5f1d54e8346ca\bootfix.bin Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-b..onment-dvd-etfsboot_31bf3856ad364e35_10.0.19041.1_none_dc4e5ab15169832e\etfsboot.com Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TabTip.exe Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\RecEnv.exe Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..andinkinputservices_31bf3856ad364e35_10.0.19041.1_none_d29e3857b870499d\tiptsf.dll Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\TipRes.dll Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\StartRep.exe Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.19041.1_none_c780234a16dfd399\tipskins.dll Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..nvironment-dvd-pcat_31bf3856ad364e35_10.0.19041.1_none_5008dee6cfdc303c\boot.sdi Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..environment-dvd-efi_31bf3856ad364e35_10.0.19041.1_none_8b38a4d923e0a37e\boot.sdi Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hh.exe.mui Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys_noprompt.bin Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ironment-dvd-efisys_31bf3856ad364e35_10.0.19041.1_none_1891f4ff823a4461\efisys.bin Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapisvr.exe.mui Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_10.0.19041.1_none_b89a948362edb3e7\sapisvr.exe Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.INI Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.Keyboard.NUS Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8591bd54bdb2be6f\AtBroker.exe Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audioresourceregistrar.dll Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\avrt.dll Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blbres.dll Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\bdeui.dll Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\bderepair.dll Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcdprov.dll Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-proxy-main_31bf3856ad364e35_10.0.19041.1_none_5a93d463d29ea477\blb_ps.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47mrm.dll Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..iocorepolicymanager_31bf3856ad364e35_10.0.19041.1_none_fe4e5b7cbac78006\AudioSrvPolicyManager.dll Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AUDIOKSE.dll Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1_none_505b5b44763139f0\BCP47Langs.dll Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiodg.exe Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecApi.dll Handle ID: 0xfd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootmenuux_31bf3856ad364e35_10.0.19041.1_none_aad2a22bb4bb6bb7\BootMenuUX.dll Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakrathunk.dll Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.19041.1_none_7feeab380f6fb6aa\BootRec.exe Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakradiag.dll Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-disasterrecoveryui_31bf3856ad364e35_10.0.19041.1_none_ef4afdf204e52ca3\bmrui.exe Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-cloudrec_31bf3856ad364e35_10.0.19041.1_none_fce31da777d54f96\CloudRecSvc.exe Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEndpointBuilder.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..diopolicymanagerext_31bf3856ad364e35_10.0.19041.1_none_4c67ee16a4c91364\coreaudiopolicymanagerext.dll Handle ID: 0xfbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_10.0.19041.1_none_87a2bd7df0ba58b0\tabskb.dll Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSup.dll Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..onentpackagesupport_31bf3856ad364e35_10.0.19041.1_none_15ad78a57833209d\CompPkgSrv.exe Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\cscript.exe Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\CoreMas.dll Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\DetailedReading-Default.xml Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\dispex.dll Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1_none_7fa0f248f62ae8e5\AudioSes.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\AudioEng.dll Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota_31bf3856ad364e35_10.0.19041.1_none_34047f8253bab333\dskquota.dll Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\audiosrv.dll Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tartup-fverecoverux_31bf3856ad364e35_10.0.19041.1_none_0520717b3afe6966\fverecoverux.dll Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhsetup.dll Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.dll Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-framedyn-dll_31bf3856ad364e35_10.0.19041.1_none_e2db8e255af62a10\framedyn.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\imaadp32.acm Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_10.0.19041.1_none_f1a66ceadc1ac5a7\fveui.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\framedynos.dll Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\M1033ZIR.APM Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.19041.1_none_7e470436241a018f\hhctrl.ocx Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..w-kernelsupportuser_31bf3856ad364e35_10.0.19041.1_none_1b632b5bb5339e8b\ksuser.dll Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-u..latform-facilitator_31bf3856ad364e35_10.0.19041.1_none_48593f2800494004\Facilitator.dll Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ux-winre.deployment_31bf3856ad364e35_10.0.19041.1_none_1c71373ee04f3e91\bootux.dll Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_10.0.19041.1_none_b00bcb3b56b3d8e3\manage-bde.exe Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_fe8b95190d24914f\mibincodec.dll Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll_31bf3856ad364e35_10.0.19041.1_none_40324f0aaf4bb80e\mi.dll Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msadp32.acm Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directshow-dmo_31bf3856ad364e35_10.0.19041.1_none_d0874ed19e069aca\msdmo.dll Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.1_none_6cc270f3015bbb5f\jscript.dll Handle ID: 0xca4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_fb771fecc6c2f05c\mimofcodec.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9diag.dll Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.19041.1_none_96d696a28066f556\msacm32.dll Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msg711.acm Handle ID: 0x918 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-acmcorecodecs_31bf3856ad364e35_10.0.19041.1_none_d6c5e9129925e77d\msgsm32.acm Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-miutils-dll_31bf3856ad364e35_10.0.19041.1_none_2135df93bd1c37f3\miutils.dll Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\NarratorControlTemplates.xml Handle ID: 0xb5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\ncobjapi.dll Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi_31bf3856ad364e35_10.0.19041.1_none_0af5511b58bf6105\MMDevAPI.dll Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman_31bf3856ad364e35_10.0.19041.1_none_c5ae2919f12d59ae\netman.dll Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.1_none_740ee67443167eb4\Narrator.exe Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\psmodulediscoveryprovider.mof Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..scoveryprovider-dll_31bf3856ad364e35_10.0.19041.1_none_299ab6bfeef8f0b6\PSModuleDiscoveryProvider.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-prvdmofcomp-dll_31bf3856ad364e35_10.0.19041.1_none_8db513659285c3e1\prvdmofcomp.dll Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ter-cimprovider-exe_31bf3856ad364e35_10.0.19041.1_none_193aab8d8b539746\Register-CimProvider.exe Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngInterfaces.exe Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.exe Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.19041.1_none_87e54edbaf62ca00\repair-bde.exe Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\remoteaudioendpoint.dll Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.1_none_3a6d07f552fecc2c\recdisc.exe Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetPluginHost.exe Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\resetengmig.dll Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReInfo.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-provider-common_31bf3856ad364e35_10.0.19041.1_none_5e30d23f787e0374\provthrd.dll Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq_31bf3856ad364e35_10.0.19041.1_none_a3df82b8c8699995\RTWorkQ.dll Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\rstrui.exe Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrobj.dll Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\scrrun.dll Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srclient.dll Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\srms62.dat Handle ID: 0x102c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_2c90d1aa83fd4655\SpatialAudioLicenseSrv.exe Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\srms.dat Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-srhelper_31bf3856ad364e35_10.0.19041.1_none_64d5657ff9db1846\srhelper.dll Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmibdll_31bf3856ad364e35_10.0.19041.1_none_0c1cf805b0009dfb\tcpmib.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\tier2punctuations.dll Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCertResources.dll Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\sxproxy.dll Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main_31bf3856ad364e35_10.0.19041.1_none_9a3804454c3a5688\spp.dll Handle ID: 0x10e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.dll Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_10.0.19041.1_none_fcd0dd6b529c84a4\srcore.dll Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\sysreset.exe Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_10.0.19041.1_none_70bdab680f410083\ReAgent.dll Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.inf Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\reseteng.dll Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ient-server-library_31bf3856ad364e35_10.0.19041.1_none_bc61472ad685eded\wdscsl.dll Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ervices-diagnostics_31bf3856ad364e35_10.0.19041.1_none_f02917edd6b0bfcc\WdsDiag.dll Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..o-mmecore-wdm-audio_31bf3856ad364e35_10.0.19041.1_none_003f59aa850fa682\wdmaud.drv Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.1_none_0145eaa42e633edc\wbadmin.exe Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-vbscript_31bf3856ad364e35_11.0.19041.1_none_323c8bab381e679b\vbscript.dll Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ent-services-client_31bf3856ad364e35_10.0.19041.1_none_664cd6788b0cef8f\wdsclient.exe Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcomn-dll_31bf3856ad364e35_10.0.19041.1_none_b96c3b80c28ff316\wbemcomn.dll Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-errorreportingui_31bf3856ad364e35_10.0.19041.1_none_84563820a174d447\werui.dll Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..mage-capture-wizard_31bf3856ad364e35_10.0.19041.1_none_1ec3161d843d5b3a\wdscapture.exe Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.1_none_ed55affe15aaa25d\TpmCoreProvisioning.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-transport-client_31bf3856ad364e35_10.0.19041.1_none_c71ec3231539568b\wdstptc.dll Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-oc-srt-background_31bf3856ad364e35_10.0.19041.1_none_9eecd591ca795bd6\winre.jpg Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-devices-midi_31bf3856ad364e35_10.0.19041.1_none_a0cb30e63b04963c\Windows.Devices.Midi.dll Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-media-devices_31bf3856ad364e35_10.0.19041.1_none_3158669b7ec140d9\Windows.Media.Devices.dll Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..vices-image-library_31bf3856ad364e35_10.0.19041.1_none_34496984ddfad865\WdsImage.dll Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-texttospeech-en-us_31bf3856ad364e35_10.0.19041.1_none_06dbe8f38a612434\MSTTSLocEnUS.dat Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_8_31bf3856ad364e35_10.0.19041.1_none_fc734b41dc885462\XAudio2_8.dll Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshcon.dll Handle ID: 0xac4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\WmiMgmt.msc Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\WmiMgmt.msc Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-wmidcom-dll_31bf3856ad364e35_10.0.19041.1_none_f19aad0842d9271a\wmidcom.dll Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wshom.ocx Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.1_none_fe5960999fb777f6\wscript.exe Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..adapter-wmitomi-dll_31bf3856ad364e35_10.0.19041.1_none_313d4e2c5675f9d4\wmitomi.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-engine-main_31bf3856ad364e35_10.0.19041.1_none_99d3037b9f1d6f54\wbengine.exe Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-multicast-client_31bf3856ad364e35_10.0.19041.1_none_6c83ecde752dfd52\wdsmcast.exe Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.19041.1_none_10bddbfab734fa42\VSSVC.exe Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.19041.1_none_f21328951dd47f39\ResetEngine.dll Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.1_none_5d8df447fb4e7fad\d2d1.dll Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_9_31bf3856ad364e35_10.0.19041.1_none_fc744b8bdc876db9\XAudio2_9.dll Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.1_none_2e0c150bc7e8db08\jscript9.dll Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1_none_5f5d6355fa237622\SRH.dll Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..storage-classdriver_31bf3856ad364e35_10.0.19041.1_none_13e0a2d70bde69d7\EhStorClass.sys Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.sys Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.1_none_0d89446c82e7b332\mmcss.sys Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-tbs_31bf3856ad364e35_10.0.19041.1_none_a4a8e27917b1d4a2\tbs.sys Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.sys.mui Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_audioendpoint.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d71c466ec187ae9b\AudioEndpoint.inf_loc Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9fd4a542f83c4a3\EhStorTcgDrv.inf_loc Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudss.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_53a41a6f21f92bbe\hdaudss.inf_loc Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_hdaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_979015a3cb75e148\hdaudio.inf_loc Handle ID: 0xbc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_rawsilo.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a313c95fcf95ba21\rawsilo.inf_loc Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdmaudiocoresystem.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4fec1f921fe386e\wdmaudioCoreSystem.inf_loc Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_wdma_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fc5aab9f0e92cb4\wdma_usb.inf_loc Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\audiodg.exe.mui Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioEndpointBuilder.dll.mui Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..audiocore.resources_31bf3856ad364e35_10.0.19041.1_en-us_da7fa0fdb9bb1da2\AudioSrv.dll.mui Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_mmcss.resources_31bf3856ad364e35_10.0.19041.1_en-us_63bb7612d6a0dd5a\avrt.dll.mui Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winre-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_3657e07d684f0581\BootRec.exe.mui Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..re-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_3a6ceafd04278b58\AudioSes.dll.mui Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecApi.dll.mui Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-cloudrec.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9e41542bbce4eef\CloudRecSvc.exe.mui Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-bootux-winre.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4345854daf75697\bootux.dll.mui Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..ecoveryui.resources_31bf3856ad364e35_10.0.19041.1_en-us_427c213dea78ff80\bmrui.exe.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\cscript.exe.mui Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dskquota.resources_31bf3856ad364e35_10.0.19041.1_en-us_b6f5c1b7fef92fe4\dskquota.dll.mui Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..roxy-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_3813956db567ed0e\blbres.dll.mui Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..p-ui-libs.resources_31bf3856ad364e35_10.0.19041.1_en-us_85d6fd46092ef1b0\fveui.dll.mui Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..recoverux.resources_31bf3856ad364e35_10.0.19041.1_en-us_d665fd376089f50b\fverecoverux.dll.mui Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\imaadp32.acm.mui Handle ID: 0x10e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-htmlhelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_6b3f542b20656524\hhctrl.ocx.mui Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_3dd913b790a1c668\jscript.dll.mui Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-schedule.resources_31bf3856ad364e35_10.0.19041.1_en-us_adc1cc9a65b0c63b\MdSched.exe.mui Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmiv2-mi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c452fec1d11e8e7\mi.dll.mui Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-jscript9.resources_31bf3856ad364e35_11.0.19041.1_en-us_cb9db6178247f4cd\jscript9.dll.mui Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mmdeviceapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_7dd53bd9a45027d6\MMDevAPI.dll.mui Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_9dd80637a0a77432\mimofcodec.dll.mui Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msadp32.acm.mui Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..ecore-acm.resources_31bf3856ad364e35_10.0.19041.1_en-us_0f9ff912a35a13a1\msacm32.dll.mui Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msg711.acm.mui Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..orecodecs.resources_31bf3856ad364e35_10.0.19041.1_en-us_fa0d8c2d62179248\msgsm32.acm.mui Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..codec-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_41caac310a838eed\mibincodec.dll.mui Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..utils-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_dd46cf5fa0b19af2\miutils.dll.mui Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-netman-mui.resources_31bf3856ad364e35_10.0.19041.1_en-us_3ce54b4b43888113\netman.dll.mui Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.19041.1_en-us_7c46b809efcb4d75\Narrator.exe.mui Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d2d.resources_31bf3856ad364e35_10.0.19041.1_en-us_4d6906c3ea3817d6\d2d1.dll.mui Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\PSModuleDiscoveryProvider.dll.mui Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_1173d42c87f1862f\psmodulediscoveryprovider.mfl Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\reseteng.dll.mui Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\ResetEngine.dll.mui Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-recdisc-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_5fe9c9ee90bc2b1f\recdisc.exe.mui Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..veryagent.resources_31bf3856ad364e35_10.0.19041.1_en-us_681fc03c3c11f922\reagent.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_dffdae74561e42e5\register-cimprovider.exe.mui Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-tool-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_7322bfaaf0abd306\manage-bde.exe.mui Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f00fd67c12e8209\repair-bde.exe.mui Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrobj.dll.mui Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-rtworkq.resources_31bf3856ad364e35_10.0.19041.1_en-us_eff0eebd4ec240e4\RTWorkQ.dll.mui Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\scrrun.dll.mui Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\spp.dll.mui Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-spp-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_76a64804f924a92f\sxproxy.dll.mui Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-sysreset.resources_31bf3856ad364e35_10.0.19041.1_en-us_313cc2058f384fa8\sysreset.exe.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\srcore.dll.mui Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..tore-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_36603f53db43bcf9\rstrui.exe.mui Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..visioning.resources_31bf3856ad364e35_10.0.19041.1_en-us_bba74d5eba00c052\TpmCoreProvisioning.dll.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..-vbscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_f9be72e87a4dc35c\vbscript.dll.mui Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-a..wdm-audio.resources_31bf3856ad364e35_10.0.19041.1_en-us_26a4e6c8a1381605\wdmaud.drv.mui Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..gine-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_7ff834e4c950a565\wbengine.exe.mui Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\SRH.dll.mui Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..e-library.resources_31bf3856ad364e35_10.0.19041.1_en-us_069c551ec1ae2c48\WdsImage.dll.mui Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..agnostics.resources_31bf3856ad364e35_10.0.19041.1_en-us_923ee710c31c02b1\WdsDiag.dll.mui Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..re-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_b1a5d3546edc3f59\wdscapture.exe.mui Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-e..portingui.resources_31bf3856ad364e35_10.0.19041.1_en-us_451996366353f25c\werui.dll.mui Handle ID: 0xfc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..st-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_995e9d63e52c413d\wdsmcast.exe.mui Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..es-client.resources_31bf3856ad364e35_10.0.19041.1_en-us_b0f229404eb71756\wdsclient.exe.mui Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_832dcb8b0a4bb42b\VSSVC.exe.mui Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..itomi-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_11b3ee8a1a12cfe1\wmitomi.dll.mui Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wshom.ocx.mui Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..xaudio2_9.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd3b95c8c976f5b4\XAudio2_9.dll.mui Handle ID: 0xa50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_10.0.19041.1_en-us_411dae92f6d12d17\wscript.exe.mui Handle ID: 0xb9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_10.0.19041.1_en-us_aab573223036b6bf\wbadmin.exe.mui Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_en-us_2b99bfb5aa908cbb\tier2punctuations.dll.mui Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..monnoia64.resources_31bf3856ad364e35_10.0.19041.1_en-us_0b018d9a63164212\sapi.dll.mui Handle ID: 0x80c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_10.0.19041.1_none_6658ea421c6ab115\bcd.mof Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cli.mof Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-filetracefilter_31bf3856ad364e35_10.0.19041.1_none_b0b561660c7b5f0c\filetrace.mof Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..lesystemsupport-mof_31bf3856ad364e35_10.0.19041.1_none_4931addf0b74706f\IMAPIv2-FileSystemSupport.mof Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-legacyshim-mof_31bf3856ad364e35_10.0.19041.1_none_94f00e4647dc0b41\IMAPIv2-LegacyShim.mof Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base-mof_31bf3856ad364e35_10.0.19041.1_none_0981e25f801b452c\IMAPIv2-Base.mof Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-kerberos-mof_31bf3856ad364e35_10.0.19041.1_none_9971a16b45127f2a\kerberos.mof Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\cimdmtf.mof Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mup-mof_31bf3856ad364e35_10.0.19041.1_none_12741f84c3926f7a\Microsoft-Windows-Remote-FileSystem.mof Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\krnlprov.mof Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIMigrationPlugin.dll Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofcomp.exe Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-krnlprov-provider_31bf3856ad364e35_10.0.19041.1_none_99a1d18394747435\KrnlProv.dll Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-ntlm-mof_31bf3856ad364e35_10.0.19041.1_none_da48343535c2140a\msv1_0.mof Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ntfs-mof_31bf3856ad364e35_10.0.19041.1_none_4b1a5556e970adc5\ntfs.mof Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-mofinstaller_31bf3856ad364e35_10.0.19041.1_none_c80e6cbfcb1e33c7\mofinstall.dll Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.mof Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\powermeterprovider.mof Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\NCProv.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter_31bf3856ad364e35_10.0.19041.1_none_920fccc5f5774641\PolicMan.dll Handle ID: 0x10e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\rawxml.xsl Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\profileassociationprovider.mof Handle ID: 0xa70 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..odepowerservice-mof_31bf3856ad364e35_10.0.19041.1_none_fbe0c0aa55304aac\PowerPolicyProvider.mof Handle ID: 0xc98 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\mofd.dll Handle ID: 0xc1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_10.0.19041.1_none_9badbd6e04b7eaa1\schannel.mof Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\regevent.mof Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base-mof_31bf3856ad364e35_10.0.19041.1_none_a8b542edb18ebdd3\rsop.mof Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSLoc.dll Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tcpip-mof_31bf3856ad364e35_10.0.19041.1_none_edcef15a244d146a\tcpip.mof Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi_31bf3856ad364e35_10.0.19041.1_none_ff04ba67127d59fe\hbaapi.mof Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\SMTPCons.dll Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\texttable.xsl Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\scrcons.exe Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\textvaluelist.xsl Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\esscli.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\unsecapp.exe Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-consumers_31bf3856ad364e35_10.0.19041.1_none_00c334ebf83ee740\wbemcons.dll Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vds.mof Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_10.0.19041.1_none_f47f6ca465ecdc1b\stdprov.dll Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemprox.dll Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.tlb Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_10.0.19041.1_none_3432c764d048a596\repdrvfs.dll Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-security-digest-mof_31bf3856ad364e35_10.0.19041.1_none_e21d70adf6c4e8a9\wdigest.mof Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wbemsvc.dll Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\vdswmi.dll Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolumeUninstall.mof Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\win32_encryptablevolume.mof Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-shenzhouttsvoicecommon_31bf3856ad364e35_10.0.19041.1_none_3218a37ae75dcc89\MSTTSEngine.dll Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof_31bf3856ad364e35_10.0.19041.1_none_90d1e9fce8e70c10\wininit.mof Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_10.0.19041.1_none_3629d754154563e3\winlogon.mof Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.mof Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_10.0.19041.1_none_257e1be45fa14ced\Win32_Tpm.dll Handle ID: 0x94c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-scripting_31bf3856ad364e35_10.0.19041.1_none_1702461a921abea8\wbemdisp.dll Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApRes.dll Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WinMgmt.exe Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WinMgmtR.dll Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-securestartup-wmi_31bf3856ad364e35_10.0.19041.1_none_1673635624aca0dd\Win32_EncryptableVolume.dll Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WmiApRpl.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_10.0.19041.1_none_8dec776522fcecde\wbemtest.exe Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMIADAP.exe Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_10.0.19041.1_none_b13a60de191a2a63\fastprox.dll Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WmiApSrv.exe Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\WMICOOKR.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdfs.mof Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipdskq.mof Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemess-dll_31bf3856ad364e35_10.0.19041.1_none_19c65ca7cefe6dba\wbemess.dll Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdfs.dll Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\wmipicmp.mof Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-ping-provider_31bf3856ad364e35_10.0.19041.1_none_01770cc86da5219f\WMIPICMP.dll Handle ID: 0x1218 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiDcPrv.dll Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-win32-provider_31bf3856ad364e35_10.0.19041.1_none_7cbc133a15aeab54\wmipsess.mof Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipdskq.dll Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\WMIPSESS.dll Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\xsl-mappings.xml Handle ID: 0xbbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..win32-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_599754e5b9029653\cimwin32.dll.mui Handle ID: 0xe84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..in32-provider-admin_31bf3856ad364e35_10.0.19041.1_none_f0f1a6eea435c070\wmipcima.dll Handle ID: 0xd44 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cliegaliases.mfl Handle ID: 0xc78 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\csv.xsl Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..acefilter.resources_31bf3856ad364e35_10.0.19041.1_en-us_6e18d367acc20529\filetrace.mfl Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-wdm-provider_31bf3856ad364e35_10.0.19041.1_none_3023d989016d37fb\wmiprov.dll Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.19041.1_none_579ae2e26c347896\WMIC.exe Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmiutils.dll Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\hform.xsl Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\htable.xsl Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\KrnlProv.dll.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\cli.mfl Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_787819b31b8e3264\krnlprov.mfl Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofcomp.exe.mui Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-speechcommon_31bf3856ad364e35_10.0.19041.1_none_8bf3561a72086bb6\sapi.dll Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\mof.xsl Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\NCProv.dll.mui Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-filter.resources_31bf3856ad364e35_10.0.19041.1_en-us_78a6075453bcd506\PolicMan.mfl Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\profileassociationprovider.mfl Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\mofd.dll.mui Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\powermeterprovider.mfl Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\cimdmtf.mfl Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..consumers.resources_31bf3856ad364e35_10.0.19041.1_en-us_160b9316be795953\scrcons.exe.mui Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-u..rvice-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab0a8959ab880cf3\PowerPolicyProvider.mfl Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vdswmi.dll.mui Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wininit-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_1e1952baf26cd93f\wininit.mfl Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..mcore-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_8db0eb93c93994af\wbemcore.dll.mui Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_deabf0d9beac524a\winlogon.mfl Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WinMgmt.exe.mui Handle ID: 0xbdc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApRes.dll.mui Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_10.0.19041.1_none_56a3c953964ea509\WMIsvc.dll Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WmiApRpl.dll.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WmiApSrv.exe.mui Handle ID: 0x1214 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_fd6813e5c3d1c883\wbemtest.exe.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_en-us_8c7ca8bc3d6c201b\vds.mfl Handle ID: 0xb2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdfs.mfl Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\WinMgmtR.dll.mui Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_85666a725c5321a4\regevent.mfl Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\WMIPICMP.dll.mui Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipdskq.mfl Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4299559dcbb02d80\WMIsvc.dll.mui Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_en-us_dc060427766d0913\xml.xsl Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b12272852ae8ea37\wmipsess.mfl Handle ID: 0x8b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_en-us_b73a00e4bc93332e\wmipicmp.mfl Handle ID: 0xaac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_10.0.19041.1_en-us_8ab89bbe670645a7\wmiutils.dll.mui Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSE.exe Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..e-utility.resources_31bf3856ad364e35_10.0.19041.1_en-us_b54e33bc60acaeb9\WMIC.exe.mui Handle ID: 0xa3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_468f592c03894065\hbaapi.mfl Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\cim20.dtd Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-g..-base-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_569b37de4343f2d2\rsop.mfl Handle ID: 0xc8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1_none_6f451098bef6266e\wmi20.dtd Handle ID: 0x1160 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-text-encoding_31bf3856ad364e35_10.0.19041.1_none_6f727490db6e1eb0\wmi2xml.dll Handle ID: 0xf24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-scripting-chakra_31bf3856ad364e35_11.0.19041.1_none_ad40f7cae4aea7c0\Chakra.dll.mun Handle ID: 0x11bc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_10.0.19041.1_none_c653cc0f2ac29042\WmiPrvSD.dll Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_10.0.19041.1_none_859bfeb4a56d5200\cimwin32.dll Handle ID: 0x974 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_10.0.19041.1_none_97b0c067762f34f0\wbemcore.dll Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mibincodec-dll_31bf3856ad364e35_10.0.19041.1_none_08e03f6b4185534a\mibincodec.dll Handle ID: 0x10e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-winomi-mimofcodec-dll_31bf3856ad364e35_10.0.19041.1_none_05cbca3efb23b257\mimofcodec.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_10.0.19041.1_none_c3bcdca562bead16\cliegaliases.mof Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xe8c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0xae0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0xd6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_de3c62295de3e26e.cdf-ms Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_boot_dvd_pcat_en-us_80af7686f451a150.cdf-ms Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_measuredboot_ab1fadc53c86b337.cdf-ms Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_3b206622a946e834.cdf-ms Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_76cd6f1aaba6e83b.cdf-ms Handle ID: 0xba4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_common_en-us_11ebcc5f3c902d23.cdf-ms Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_8a294d630e90192b.cdf-ms Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_4e06b8e5aea05fb6.cdf-ms Handle ID: 0xc48 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_speech_engines_tts_en-us_5bd3d35b5669eef6.cdf-ms Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x8f0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_common_en-us_fda4d836608fc881.cdf-ms Handle ID: 0xfd0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_speech_engines_tts_181a16025b64685a.cdf-ms Handle ID: 0xf9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms Handle ID: 0xb94 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x898 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_pcpksp_windowsaik_cb9775b914a8e5a2.cdf-ms Handle ID: 0xd30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x1198 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0xecc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0xf80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_administrative_tools_50eba26877c48094.cdf-ms Handle ID: 0xbcc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0x1200 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x109c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0xbac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_en-us_8a16130a1a0cde0c.cdf-ms Handle ID: 0x84c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_92b215ec670a7f35.cdf-ms Handle ID: 0xcc8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_auxpad_bb15ebb5c2b76782.cdf-ms Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_insert_bb25e7d5c2685e4a.cdf-ms Handle ID: 0xcc0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_keypad_bb29f287c24d4a93.cdf-ms Handle ID: 0xb84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskclearui_efb22b63342a179d.cdf-ms Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_main_992db4c6307e339e.cdf-ms Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskmenu_4ada925d6aba5911.cdf-ms Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknav_bb31da33c2376c77.cdf-ms Handle ID: 0xb10 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_osknumpad_ee37ed195958108b.cdf-ms Handle ID: 0x119c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_oskpred_4ada71c56aba89ef.cdf-ms Handle ID: 0xda0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_fsdefinitions_symbols_4eaf815d64e8ecbc.cdf-ms Handle ID: 0x1234 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_languagemodel_ccceb944834c6c97.cdf-ms Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0xb30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources.cdf-ms Handle ID: 0x1250 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_en-us_2e88d920877a69ae.cdf-ms Handle ID: 0xc34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_fa3a0fbfbc08eda1.cdf-ms Handle ID: 0x10f8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0xd90 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0x10c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0xa00 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0x884 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0xe1c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessibility_1fe25fac404028a8.cdf-ms Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\diagER.dll Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\hwexclude.txt Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\hwcompat.dll Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\offline.xml Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.exe Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\unattend.dll Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgrade_frmwrk.xml Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\hwcompat.txt Handle ID: 0xfd4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\reagent.dll Handle ID: 0x1190 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\wdsutil.dll Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\unbcl.dll Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\setupplatform.exe.mui Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ejuvenation-onecore_31bf3856ad364e35_10.0.19041.1_none_9e2b40a4daa9bd87\wpx.dll Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\setupplatform.dll Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_10.0.19041.1_none_07724f8ba119348c\dokchamp.ttf Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..pe-estrangeloedessa_31bf3856ad364e35_10.0.19041.1_none_b29fcdf719528101\estre.ttf Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_10.0.19041.1_none_bdb5bbcec322f2e9\daunpenh.ttf Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-browallia_31bf3856ad364e35_10.0.19041.1_none_81f2722e20f72389\browalia.ttc Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_10.0.19041.1_none_6e153adbf8560c28\euphemia.ttf Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartika.ttf Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautamib.ttf Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-gadugibold_31bf3856ad364e35_10.0.19041.1_none_3611087a5197320a\gadugib.ttf Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_10.0.19041.1_none_c01d2d24b8311281\kartikab.ttf Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gadugi_31bf3856ad364e35_10.0.19041.1_none_9a2fcf6fc49d7ad7\gadugi.ttf Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalingab.ttf Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_10.0.19041.1_none_31a57ca83b98313a\gautami.ttf Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_10.0.19041.1_none_bf4a9e141fed34ff\kalinga.ttf Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..uetype-javanesetext_31bf3856ad364e35_10.0.19041.1_none_b3574d6de9cf3152\javatext.ttf Handle ID: 0x1168 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUIb.ttf Handle ID: 0x11e8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_10.0.19041.1_none_2a28dd53b9428be2\LaoUI.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\latha.ttf Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_10.0.19041.1_none_26a2cd7dbb849930\lathab.ttf Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawad.ttf Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_10.0.19041.1_none_be821a687d9acbbd\leelawdb.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpotab.ttf Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUIb.ttf Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_10.0.19041.1_none_28df0bade745dad7\mvboli.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangal.ttf Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_10.0.19041.1_none_6a270ea175c7f96e\mangalb.ttf Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-newtailue_31bf3856ad364e35_10.0.19041.1_none_6754931ac9bff51a\ntailu.ttf Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..etype-newtailuebold_31bf3856ad364e35_10.0.19041.1_none_5d1126271181e8f5\ntailub.ttf Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..e-microsofthimalaya_31bf3856ad364e35_10.0.19041.1_none_be23cd6ddb05a43c\himalaya.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_10.0.19041.1_none_fef69e3609e0910f\KhmerUI.ttf Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_10.0.19041.1_none_8462a8d0ff9b835c\iskpota.ttf Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_10.0.19041.1_none_a120896fb792f283\plantc.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_10.0.19041.1_none_28c07ecf98e12f9c\phagspa.ttf Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavi.ttf Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-phagspabold_31bf3856ad364e35_10.0.19041.1_none_3aea002642688123\phagspab.ttf Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..type-mongolianbaiti_31bf3856ad364e35_10.0.19041.1_none_b98ed43aa5e7a533\monbaiti.ttf Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_10.0.19041.1_none_fcd05ab568b5f217\raavib.ttf Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ype-myanmartextbold_31bf3856ad364e35_10.0.19041.1_none_425c516c686c438d\mmrtextb.ttf Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..ruetype-myanmartext_31bf3856ad364e35_10.0.19041.1_none_0ed94ed2eab432b2\mmrtext.ttf Handle ID: 0x9ec Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_10.0.19041.1_none_0e32cdcd59fbc6c5\msyi.ttf Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_10.0.19041.1_none_846cdc31fb668b8c\ebrima.ttf Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..truetype-ebrimabold_31bf3856ad364e35_10.0.19041.1_none_e73f502bddc74e95\ebrimabd.ttf Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_10.0.19041.1_none_6bc876d1a17af749\nyala.ttf Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-taile_31bf3856ad364e35_10.0.19041.1_none_414fac2f4ef3e4db\taile.ttf Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-tailebold_31bf3856ad364e35_10.0.19041.1_none_618a29e4c90ae974\taileb.ttf Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tungab.ttf Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shrutib.ttf Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_10.0.19041.1_none_3eb6c46150b50021\tunga.ttf Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_10.0.19041.1_none_8358b3e9f1389949\shruti.ttf Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrindab.ttf Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_10.0.19041.1_none_2c157aebf8a0f49c\vrinda.ttf Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onexschema_31bf3856ad364e35_10.0.19041.1_none_0b333e5de5b48e52\OneX_v1.xsd Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_LEGACY_profile_v1.xsd Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v3.xsd Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v2.xsd Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WFD_profile_v1.xsd Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLANAP_profile_v1.xsd Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_policy_v1.xsd Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Rules.System.Wireless.xml Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\Report.System.Wireless.xml Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanschemas_31bf3856ad364e35_10.0.19041.1_none_63f329ff5bc0e40f\WLAN_profile_v1.xsd Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Report.System.Wireless.xml Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaB.ttf Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\Rules.System.Wireless.xml Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-f..-truetype-nirmalaui_31bf3856ad364e35_10.0.19041.1_none_bb8c742f0f537122\NirmalaS.ttf Handle ID: 0xc2c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\cmi2migxml.dll Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10core.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1core.dll Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d8thk.dll Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_10.0.19041.1_none_061a8ae948ef9d75\d3d10_1.dll Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_10.0.19041.1_none_994f7a363ef01d1c\d3d10level9.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\csiagent.dll Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\dafWCN.dll Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\delegatorprovider.dll Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-dafwfdprovider_31bf3856ad364e35_10.0.19041.1_none_b058c457605b2980\dafWfdProvider.dll Handle ID: 0xf74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ent-appxpackagingom_31bf3856ad364e35_10.0.19041.1_none_cf9f54279a49afa1\AppxPackaging.dll Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11on12_31bf3856ad364e35_10.0.19041.1_none_b1c8a7f2e6d6007f\d3d11on12.dll Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_10.0.19041.1_none_21c5c011e1907693\dxva2.dll Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-onecore-directx-dxcore_31bf3856ad364e35_10.0.19041.1_none_69b9ab9a9fe50fec\DXCore.dll Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d10_31bf3856ad364e35_10.0.19041.1_none_a5a973226d09843c\d3d10.dll Handle ID: 0xdb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-fmapi_31bf3856ad364e35_10.0.19041.1_none_08fd237cd396b20c\fmapi.dll Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\fdWCN.dll Handle ID: 0x914 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_10.0.19041.1_none_f06f85d6bdea4043\dxgi.dll Handle ID: 0x864 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\iemigplugin.dll Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.1_none_a5a945926d09b77e\D3D12.dll Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_10.0.19041.1_none_783e7a290023bc74\d3d9.dll Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-imagesupport_31bf3856ad364e35_11.0.19041.1_none_27d7512ffd45dfff\imgutil.dll Handle ID: 0xa38 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsied.dll Handle ID: 0x120c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\EdgeManager.dll Handle ID: 0xfd8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsium.dll Handle ID: 0x9a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\INETRES.dll Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsidsc.dll Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmi.dll Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiwmiv2.dll Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsiexe.dll Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\IndexedDbLegacy.dll Handle ID: 0xba8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\IESettingSync.exe Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1_none_a5a95c5a6d099ddd\d3d11.dll Handle ID: 0xa18 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na_31bf3856ad364e35_10.0.19041.1_none_60b4ee44b96a7f24\l2nacp.dll Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directwrite-fontcache_31bf3856ad364e35_10.0.19041.1_none_ba9b1bcfb0acbb97\FntCache.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migres.dll Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\inetcomm.dll Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migisol.dll Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.19041.1_none_433c779d1394f332\mshta.exe Handle ID: 0xa64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migapp.xml Handle ID: 0xc64 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\mighost.exe Handle ID: 0xa34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dll Handle ID: 0xe7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migsys.dll Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-ratings_31bf3856ad364e35_11.0.19041.1_none_b174c6b066f29f19\msrating.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-msimtf_31bf3856ad364e35_10.0.19041.1_none_877691e089f9d7ad\msimtf.dll Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlediting_31bf3856ad364e35_11.0.19041.1_none_320b71c34d9c2946\mshtmled.dll Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mail-comm-dll_31bf3856ad364e35_10.0.19041.1_none_2fa237edf7ea2ae4\msoert2.dll Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-mlang_31bf3856ad364e35_10.0.19041.1_none_0cd058fc835bd4ba\mlang.dat Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\MXEAgent.dll Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\osfilter.inf Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\oscomps.woa.xml Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_11.0.19041.1_none_d7a8f7851da0d841\pngfilt.dll Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\pnppropmig.dll Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migstore.dll Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui_31bf3856ad364e35_10.0.19041.1_none_d66507834d1f0011\oledlg.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex_31bf3856ad364e35_10.0.19041.1_none_5bbc2970bcb926cd\onex.dll Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\oscomps.xml Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-d3dcompiler_31bf3856ad364e35_10.0.19041.1_none_9f4327d7bb6def3f\D3DCompiler_47.dll Handle ID: 0x11fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\ReserveManager.dll Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\setupplatform.cfg Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFCN.dat Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLCID.dat Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPAT.inf Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPATRS1.inf Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPATW7.inf Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPATW8.inf Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPATWB.inf Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFPATWT.inf Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\sflistw8.woa.dat Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\sflistwb.woa.dat Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.dll Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\uninstall.xml Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\uninstall_data.xml Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgradeagent.xml Handle ID: 0x11c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-component-opcom_31bf3856ad364e35_10.0.19041.1_none_59280f5751ee8923\OpcServices.dll Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgrade_comp.xml Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLISTW7.dat Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgrade_data.xml Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\mshtml.tlb Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgWow_bulk.xml Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgrade_bulk.xml Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapPeerProxy.dll Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnEapAuthProxy.dll Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_980b0e2792bde2ab\WcnNetsh.dll Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\WcnApi.dll Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wfdprov.dll Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLISTW8.dat Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\WiFiConfigSP.dll Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_10.0.19041.1_none_a054b167f609e4fc\d3d10warp.dll Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\sflistwt.woa.dat Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_dd0eb20b35869433\wcncsvc.dll Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay_31bf3856ad364e35_10.0.19041.1_none_a7cc6a3e80623078\WiFiDisplay.dll Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLISTWB.dat Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanhlp.dll Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-extension_31bf3856ad364e35_10.0.19041.1_none_afd43cb1c2b70f77\wlanext.exe Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_10.0.19041.1_none_c59f82998d027290\wlandlg.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-netsh-helper_31bf3856ad364e35_10.0.19041.1_none_ca8ef5b603a219f9\wlancfg.dll Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvcpal.dll Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\webplatstorageserver.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanapi.dll Handle ID: 0x10a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlanmsm.dll Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.1_none_ef7eafacae5f597a\wlanpref.dll Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansec.dll Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanconnectionflow_31bf3856ad364e35_10.0.19041.1_none_4025e317072f2c79\WLanConn.dll Handle ID: 0x11fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui_31bf3856ad364e35_10.0.19041.1_none_227d2dca8c30e04b\wlanui.dll Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLISTWT.dat Handle ID: 0x1170 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\SFLISTRS1.dat Handle ID: 0xe30 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.dll Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\upgradeagent.dll Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlansvc.dll Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifibus.sys Handle ID: 0x122c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwifimp.sys Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-vwifi_31bf3856ad364e35_10.0.19041.1_none_1585bba662e285b4\vwififlt.sys Handle ID: 0xd20 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-nwifi.resources_31bf3856ad364e35_10.0.19041.1_en-us_c8070434a22590cd\nwifi.sys.mui Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\nwifi.sys Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_netnwifi.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f8fe2216006d1a98\netnwifi.inf_loc Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-native-80211_31bf3856ad364e35_10.0.19041.1_none_04f9b6942e500cbb\WdiWiFi.sys Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-c..ckagingom.resources_31bf3856ad364e35_10.0.19041.1_en-us_88a7ebc1de04eda0\AppxPackaging.dll.mui Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_10.0.19041.1_en-us_86cec2673098cffa\FntCache.dll.mui Handle ID: 0x11c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.1_none_088a2d22b0192451\migcore.dll Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsiexe.dll.mui Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsidsc.dll.mui Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..r_service.resources_31bf3856ad364e35_10.0.19041.1_en-us_68a68fbe4b19e7fb\iscsicli.exe.mui Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-l2na.resources_31bf3856ad364e35_10.0.19041.1_en-us_5c3c1f3e779f0e69\l2nacp.dll.mui Handle ID: 0xd5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\inetres.dll.mui Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..uvenation.resources_31bf3856ad364e35_10.0.19041.1_en-us_f9d1de7aec7190b4\migres.dll.mui Handle ID: 0x870 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..plication.resources_31bf3856ad364e35_11.0.19041.1_en-us_3f3ff51619c4352f\mshta.exe.mui Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-t..rk-msimtf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9aef241ffe9ee48e\msimtf.dll.mui Handle ID: 0xd24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_73a0f7eac168b613\msoert2.dll.mui Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onex.resources_31bf3856ad364e35_10.0.19041.1_en-us_12b2f524e0d28e4a\onex.dll.mui Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-com-oleui.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e0077757f5b0f7a\oledlg.dll.mui Handle ID: 0x100c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_a3eb241433b64a4b\wcncsvc.dll.mui Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_a38d7bfae8bfcdba\WcnNetsh.dll.mui Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wifidisplay.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6fdd4da1ee2267b\WiFiDisplay.dll.mui Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_a44c126c8514cadc\wcnwiz.dll.mui Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_en-us_d5f8b953ccacd563\mshtml.dll.mui Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_f4657f1f1f8ea752\wlanext.exe.mui Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog.resources_31bf3856ad364e35_10.0.19041.1_en-us_38e96d2dff6e4eed\wlandlg.dll.mui Handle ID: 0x1068 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_10.0.19041.1_en-us_c91f468d556191ce\WLanConn.dll.mui Handle ID: 0xbf8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlanapi.dll.mui Handle ID: 0x1030 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.0.19041.1_en-us_f6caf3e30da48a47\edgehtml.dll.mui Handle ID: 0x1268 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanui.resources_31bf3856ad364e35_10.0.19041.1_en-us_dcec1ba181e3ee3a\wlanui.dll.mui Handle ID: 0xeb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_en-us_aabcfb6886cdc9c9\wlanpref.dll.mui Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlansvc.dll.mui Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..sh-helper.resources_31bf3856ad364e35_10.0.19041.1_en-us_76e27666d9d17a96\wlancfg.dll.mui Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.dll.mui Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2_uninstall.mof Handle ID: 0xb14 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsirem.mof Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsidsc.mof Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiwmiv2.mof Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\msiscsi.mof Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsiprf.mof Handle ID: 0x1060 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru.mof Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_passthru_uninstall.mof Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.19041.1_none_5f5e6c34552aa03f\iscsihba.mof Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi_uninstall.mof Handle ID: 0x1094 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e30dc15461474d20\wcncsvc.mof Handle ID: 0x998 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.1_none_f8d0c78991af8645\wlan.mof Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2_uninstall.mfl Handle ID: 0x10d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiprf.mfl Handle ID: 0x10a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_passthru.mfl Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsidsc.mfl Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..registrar.resources_31bf3856ad364e35_10.0.19041.1_en-us_d268c9b84909f6f5\wcncsvc.mfl Handle ID: 0x11fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi_uninstall.mfl Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.1_none_06dd1134e9ef125a\storagewmi.mof Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe.resources_31bf3856ad364e35_11.0.19041.1_en-us_79a8d08cd7e5bb3a\ieframe.dll.mui Handle ID: 0xa58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..rvice_mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_db22af9c90e2f7c8\iscsiwmiv2.mfl Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSI.psd1 Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSIConnection.cdxml Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSISession.cdxml Handle ID: 0xadc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITargetPortal.cdxml Handle ID: 0xa0c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iSCSITarget.cdxml Handle ID: 0x930 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileIntegrity.cdxml Handle ID: 0x1220 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\DiskImage.cdxml Handle ID: 0x928 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileServer.cdxml Handle ID: 0x122c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorId.cdxml Handle ID: 0x11c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\OffloadDataTransferSetting.cdxml Handle ID: 0x988 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\InitiatorPort.cdxml Handle ID: 0x10b8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileStorageTier.cdxml Handle ID: 0xea4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\PhysicalDisk.cdxml Handle ID: 0xd4c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\FileShare.cdxml Handle ID: 0xc3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\ResiliencySetting.cdxml Handle ID: 0x106c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Disk.cdxml Handle ID: 0x10a4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.psd1 Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\MaskingSet.cdxml Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Partition.cdxml Handle ID: 0x8f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageHealth.cdxml Handle ID: 0x11c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageNode.cdxml Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageJob.cdxml Handle ID: 0x1178 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageReliabilityCounter.cdxml Handle ID: 0x844 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageEnclosure.cdxml Handle ID: 0x11ac Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageProvider.cdxml Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSetting.cdxml Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StoragePool.cdxml Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageTier.cdxml Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPort.cdxml Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\TargetPortal.cdxml Handle ID: 0xef8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.format.ps1xml Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.format.ps1xml Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psd1 Handle ID: 0x960 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageSubSystem.cdxml Handle ID: 0xeb0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.types.ps1xml Handle ID: 0x1268 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\VirtualDisk.cdxml Handle ID: 0x1030 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Volume.cdxml Handle ID: 0xe5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageCmdlets.cdxml Handle ID: 0xa60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\Storage.types.ps1xml Handle ID: 0x81c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageBusCache.psm1 Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.19041.1_none_9064b8c1b47576c0\iscsicli.exe.mun Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..ementwmi-powershell_31bf3856ad364e35_10.0.19041.1_none_9f3afd53271192d6\StorageScripts.psm1 Handle ID: 0x100c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-s..gementwmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_2f985a44e860e06d\storagewmi.mfl Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-wcn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_ed626ba695a80f1b\fdWCN.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll.mun Handle ID: 0x1060 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll.mun Handle ID: 0x9c4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.19041.1_none_e7635c5d69e7562e\WcnApi.dll Handle ID: 0xc9c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_f323c5809ebfa506\wcnwiz.dll.mun Handle ID: 0x8c0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\wow64_microsoft-windows-w..ig-registrar-wizard_31bf3856ad364e35_10.0.19041.1_none_fd786fd2d3206701\wcnwiz.dll Handle ID: 0x96c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ieframe_31bf3856ad364e35_11.0.19041.1_none_4e84f4fbb8566d9b\ieframe.dll.mun Handle ID: 0xaa4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms Handle ID: 0xe60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms Handle ID: 0x90c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_reports_en-us_04eb81229a78dfb4.cdf-ms Handle ID: 0x834 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms Handle ID: 0xe50 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_pla_rules_en-us_8cd2a7c250e636a2.cdf-ms Handle ID: 0x124c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x10a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0xb24 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x854 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_driverstore_en-us_f6b4aaeeda14a371.cdf-ms Handle ID: 0xfe4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_06656d8dd047aafe.cdf-ms Handle ID: 0x11fc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wcn_en-us_f42897ed07859b3c.cdf-ms Handle ID: 0xc60 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_iscsi_6a82841e51a4df9f.cdf-ms Handle ID: 0x10d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storagebuscache_f8ef06c6464c2279.cdf-ms Handle ID: 0x1094 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0xf3c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_storage_fcdb4bda9a6da24d.cdf-ms Handle ID: 0x804 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0xc04 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x1258 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x9b4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_1bf25cffa7664032.cdf-ms Handle ID: 0xb34 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_wcn_en-us_1f7e1a8c7448ffe8.cdf-ms Handle ID: 0x7f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0xe80 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\sources_recovery_en-us_38d0190271db68af.cdf-ms Handle ID: 0x980 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.19041.1_none_fc149c68bc8daa04\mshtml.dll Handle ID: 0xbf0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:03 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.0.19041.1_none_fd259af82c60df6e\edgehtml.dll Handle ID: 0xdc4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\diagER.dll Handle ID: 0x1014 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\cmi2migxml.dll Handle ID: 0x98c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\hwcompat.dll Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migres.dll Handle ID: 0x9e0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migisol.dll Handle ID: 0xc5c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\pnppropmig.dll Handle ID: 0xff8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\mighost.exe Handle ID: 0xb6c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\MXEAgent.dll Handle ID: 0xc74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migsys.dll Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\ReserveManager.dll Handle ID: 0x11f4 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\poqexec.exe Handle ID: 0xfbc Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\csiagent.dll Handle ID: 0xd40 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\setupplatform.exe Handle ID: 0xf08 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\wdsutil.dll Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migstore.dll Handle ID: 0xb58 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\reagent.dll Handle ID: 0x11d8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\unbcl.dll Handle ID: 0xec0 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\upgradeagent.dll Handle ID: 0xf84 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_8b2066136dd02eb6\poqexec.exe Handle ID: 0x1154 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\migcore.dll Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\amd64_microsoft-windows-i..dsetup-rejuvenation_31bf3856ad364e35_10.0.19041.260_none_3076bf596fa090b0\setupplatform.dll Handle ID: 0x1224 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x860 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x880 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x868 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x85c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0xf68 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.262_887f40f90e0e58bc.cdf-ms Handle ID: 0x820 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x12a8 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0xb7c Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x1268 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:04 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0xe74 Process Information: Process ID: 0x314c Process Name: C:\Windows\System32\wuauclt.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x9e4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x9dc Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x9d8 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x9e4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x9dc Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x9d8 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x9e4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.504_887f47870e0e4e39.cdf-ms Handle ID: 0x868 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x9d8 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x954 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x868 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0xb34 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\poqexec.exe Handle ID: 0xb4c Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\SysWOW64\poqexec.exe Handle ID: 0x420 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x3c4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xb7c Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x3b4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x3c4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\bootux.dll Handle ID: 0xb7c Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\$WinREAgent\Scratch\Mount\Windows\System32\en-US\bootux.dll.mui Handle ID: 0x3b4 Process Information: Process ID: 0x38e4 Process Name: C:\$WinREAgent\Scratch\F975A190-F979-4829-9250-4DFB4A6A5ADA\DismHost.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xadb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x9ba8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0xa484 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x9b4c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x8808 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x9ba8 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x5f60 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.19041.504_887f47870e0e4e39.cdf-ms Handle ID: 0xa484 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0xadb0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x9b4c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x6520 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x8f2c Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\poqexec.exe Handle ID: 0x56e0 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 04:22:44 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\poqexec.exe Handle ID: 0x9378 Process Information: Process ID: 0x37b8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.262_none_e73f0197262d9fec\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2020-10-30 04:22:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:22:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:22:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2640 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 04:23:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:23:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:23:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 04:23:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:30:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x9e8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 04:30:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:30:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 04:33:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:33:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:33:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:36:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:36:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:37:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7100 Process Creation Time: 2020-10-30T01:48:43.8286905Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7100 Process Creation Time: 2020-10-30T01:48:43.8286905Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7100 Process Creation Time: 2020-10-30T01:48:43.8286905Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7100 Process Creation Time: 2020-10-30T01:48:43.8286905Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7e117 Linked Logon ID: 0x1b7e15d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7e15d Linked Logon ID: 0x1b7e117 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7ef0b Linked Logon ID: 0x1b7f0d7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7f0d7 Linked Logon ID: 0x1b7ef0b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x1b7f0d7 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x1b7e15d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x1b7ef0b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x1b7e117 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7e117 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1b7ef0b Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 04:37:15 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 04:37:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ec8 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:41:40 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:42:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3df8 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 04:46:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 04:47:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x920 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 04:48:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:48:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 04:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:54:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 04:54:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 04:58:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 04:58:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 04:58:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 04:58:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4bc759 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x908 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:03:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2454 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgfw.efi Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgr.efi Handle ID: 0x78 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\memtest.efi Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Misc\PCAT\bootspaces.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootmgr Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\memtest.exe Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\wfplwfs.inf Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AgentService.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcd.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BFE.DLL Handle ID: 0x74 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bootim.exe Handle ID: 0x74 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bootux.dll Handle ID: 0x74 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdd.dll Handle ID: 0x74 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ci.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\csrss.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FWPUCLNT.DLL Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hal.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IKEEXT.DLL Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iumcrypt.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\keepaliveprovider.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KerbClientShared.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LsaIso.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsasrv.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsass.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssecuser.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncbservice.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netiougc.exe Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nsi.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nsisvc.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nvspinfo.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offlinelsa.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasadhlp.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasauto.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasautou.exe Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sbservicetrigger.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\securekernel.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\skci.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smss.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sspicli.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sspisrv.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcblaunch.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcbloader.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.efi Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winnsi.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.efi Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshqos.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.efi Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\afd.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\clfs.sys Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dumpfve.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgkrnl.sys Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms1.sys Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms2.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fastfat.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fvevol.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\FWPKCLNT.SYS Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\hwpolicy.sys Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ks.sys Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecdd.sys Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecpkg.sys Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\lxcore.sys Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb.sys Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb20.sys Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mskssrv.sys Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msrpc.sys Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mssecflt.sys Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndis.sys Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndistapi.sys Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndiswan.sys Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndproxy.sys Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netbt.sys Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netio.sys Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nsiproxy.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ntfs.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pacer.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pdc.sys Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rasacd.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rasl2tp.sys Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\raspptp.sys Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdbss.sys Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tcpip.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\VmsProxy.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\VmsProxyHNic.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\vmswitch.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\volsnap.sys Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wanarp.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Wdf01000.sys Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdfLdr.sys Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wfplwfs.sys Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\winnat.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcd.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KerbClientShared.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nsi.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdll.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offlinelsa.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasadhlp.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasautou.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sspicli.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winnsi.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshqos.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_winsxs_installtemp_a7200a27e5239119.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_401032e7a18c2040.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_services_ddfc4ae175ff1678.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_3f582555a4c8be22.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_08335f148b847d02.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_system_e29eb58bafd8a559.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_application_85e0c568acb2deec.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tracing_bca9e27848ac4cc0.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tasks_4010304fa1e03ae2.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tapi_401030b7a18c2556.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_winmetadata_047140633426c833.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_19ae85881f1c4f2d.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_b001352a7f7811a4.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_windowsupdate_456cbc9f3764ca02.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_uev_85ae9894702fab2e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_smbshare_0ed015a1fb5b3049.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_provisioning_a90c2174ca14f6c9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netswitchteam_11ad3eda0a2aa874.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netlbfo_80fc9ece463f45fa.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netconnection_0c47da6c3ce4e77d.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_configci_10d2a1a7f9d9bb92.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_wbem_1bf25d11bb30b33f.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_wbem_xml_3f8ffc24c43a2ff4.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_bad86ed64cd79762.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_200b1d7e84f3818e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_4e7d28a223eef37f.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_synccenter_bb7e945a68c8139d.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_skus_csvlk-pack_a04c4b36b1c86210.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_ppdlic_ee939189101570f7.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:19 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_pkeyconfig_b2fdf59e46c165ae.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_voiceactivation_64af56b9bf516892.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_engines_tts_3ffb0757669d4b88.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_engines_tts_44a2fb68bc2a57e0.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_common_b84a7a708e507091.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_setup_b8f1f0fc4fb15499.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_nui_1bf24957a7665fb2.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_fac29f16fb5be78a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_icons_0ad2dfa4d19a0c98.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_icons_stockicons_3f4e81997d25c7f4.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_migwiz_4d49015779604be3.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_mailcontactscalendarsync_c7a6885fbdf0ab11.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lxss_1bf24533bb30d910.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_sam_5371e95113e53c10.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_lsa_5371ea7113e5392b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_volume_professional_81e94ea00d535798.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_oem_professional_4d95b036a354f599.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_licenses_neutral_default_professional_2a2c080b72ab118c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_keywords_287e3848e6b7ce36.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_shared_19ff36aa43ebd16a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imekr_0f2989dc0e0c2815.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_0f2986100e0c2dc6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_grouppolicyusers_44ab3d75342e5a9d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_grouppolicy_865e318ee53f8967.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fxstmp_3ddf405592144fb8.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_f12_1bf23f09a7666be5.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_driverstore_9d5a0097549f0abb.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_drivers_193c6528ad70a5e7.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_397022e597c7bf30.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_936cc011f8712e92.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_09753eb0ca774ef7.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_roaming_3bee7e22f285c764.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_locallow_062ee28842850640.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_systemprofile_appdata_local_0bd41f8b89ae9a9e.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_config_regback_520dcf8c985ef2ff.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_com_1bf23555a7667cfb.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_catroot_19d09cfeaa84d098.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__ada83e5211e1e29e.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bthprops_15257cd305b161da.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_applocker_9faecc9d3543428d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommoninetcore_ba4b0b6d658db81d.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommoninetcore_windowsinternal.xaml.controls.tabs_assets_fonts_49d106baa2d3d334.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommoninetcore_pris_6f2278267dd0fe11.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_0eb1b891774fd848.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_startui_938d8aa7a19c754e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_startui_assets_6c4fca17f06b9ecf.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_startui_assets_fonts_14675013efd03005.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_pris_ac5770c7358d5c72.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_networkux_assets_fonts_b2b933f3581daf2c.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_devicesflowui_fonts_f1a73aa6a3f2ec91.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_7ce6d31c57740cd3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_15857ed2e840b8f6.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_fonts_3fa5855c97ee0980.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_7298028ee386990a.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_pris_71a69ceed5129daa.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_6f826ed139dc38ac.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_b04b2dbada91ba13.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_fonts_e1429b15bb7a603f.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_pris_c69f4420e8b9ac96.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_80571585edc0bc10.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_a2baca8046478552.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_5ec4ff00d0d98653.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_45f5e040701cd097.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_pris_8eb5d62ebc93ca12.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.search_ed9cc5a2b23bcffb.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.search_images_3ce3c49a17a92a93.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.printdialog_bd64301dff14d784.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.printdialog_pris_0268448be4f886da.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.pcshell_f32245a82a039128.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.pcshell_peoplepane_assets_1773a8a6e1ab2266.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.logon_ed8ece16fb61b4e6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.parentalcontrolssettings_17e5c3595e118a55.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.parentalcontrolssettings_images_c0abb9832f16a4ad.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.applicationmodel.lockscreen_d0e0107729c97a93.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.applicationmodel.lockscreen_pris_de46d3c67a43a587.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows-nfc-semanagement_63ed886ef5f2afc3.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_5e79548f3d2c4397.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_pris_94c471057dd46b83.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents_ef2e86c7db17ea16.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents_timelineui_0c27ba1219a6e41b.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_microsoft.windows.sechealthui_5bb2238b2acc9da0.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_microsoft.windows.sechealthui_pris_0302f8ba338f56e0.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_9a8b950cdeee06ad.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_assets_f8f8f553bc76ad92.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_callingshellapp_assets_fonts_a6a41a0eafc8c1ca.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windows.cbspreview_cw5n1h2txyewy_22550f63a4546e7d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windows.cbspreview_cw5n1h2txyewy_pris_ba2c4b636e54aed7.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_windows.cbspreview_cw5n1h2txyewy_assets_425ce7167ecf33ea.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_pris_3818bc2422f945c8.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_assets_7b05f0549cbec22d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_279dce154aea2ac9.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_pris_dce7f2ada50375cf.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_parentalcontrols_cw5n1h2txyewy_assets_a55aa1bc343589de.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_9755e557b5c19fb1.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_pris_960d7e855e108c1b.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_ncsiuwpapp_8wekyb3d8bbwe_assets_224604415da008f6.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.undockeddevkit_cw5n1h2txyewy_77a329df185f5721.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.undockeddevkit_cw5n1h2txyewy_assets_ebc1b7ef05677316.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_da484f523662e470.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_807d4ebff2f5c7b4.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_6fe9167b23648d3a.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_6c4152be17b5f9d3.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_sounds_e18e7a64d7b2bdc7.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_screenclipping_assets_fonts_4ae7d45101bec9a1.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_screenclipping_assets_1496f026de9c54a1.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_pris_07f2444136ecbb7a.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_irisservice_d21869ac19d9607c.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_2e34c2b1522dcef5.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_05d9c76fbd2ec310.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_449a73b3bb876317.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_ninja_2d442cc31acccb4b.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_inputapp_assets_fonts_2e648423184414d5.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_2da43068333158be.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_ninja_d45b4e66728b3a3e.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_fonts_c527b2ea8958a424.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_inputapp_assets_dictation_39a0f8a370b329c3.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_assets_636244f24a04b545.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoftwindows.client.cbs_cw5n1h2txyewy_appxmetadata_76835224a6509a72.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_f20e4c4d4e876b3f.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_themes_1f2d670dacd61c23.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_resources_0058419ed0e268cc.cdf-ms Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_90648820b0a2252d.cdf-ms Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_titleachievement_feba1e22114ab440.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_profilecard_d81353263056fe50.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_peoplepicker_699dc213009f5408.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_invitefriends_51f8dc5582c842ab.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_debugdashboard_9096171787e858d2.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_connectedstorage_bb7f4c5629f8f5c1.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_checkpri_e7a4ee77932b19b6.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_pages_changerelationship_c052060eb138afed.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_fonts_91ccfd4ead7732a9.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_21a00c89570906c4.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_titlebar_c5b3637bfa36fded.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_progressring_b01128edcbae037b.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_profileheader_55aa9a2093bcc92c.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_person_3c04788c233ce0e3.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_peoplelistview_1bb0b63e2dcefe4a.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_general_3d48ad2ec589c0e0.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_gameprogress_49d06eeb9e1c5017.cdf-ms Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_contenttile_3214cfe0629be901.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_control_changerelationshipbutton_31a39d400d51dd10.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.xboxgamecallableui_cw5n1h2txyewy_assets_21f0037fa66ea49e.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.xgpuejectdialog_cw5n1h2txyewy_6f3e12c2a894df22.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.xgpuejectdialog_cw5n1h2txyewy_pris_718290b8a3bd0a02.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.xgpuejectdialog_cw5n1h2txyewy_assets_f61ab60bf69c944b.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy_d32a9d6ca3506cf2.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy_assets_84da0fa1380edf65.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_5c9bcd2fbb5568e6.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_pris_4411c1f8ffbde214.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_css_97fe2d3982e9ff53.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy_assets_2482c5a7df075309.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_8cdc4a2b89a0ce24.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_pris_1e3a1ba250c479fa.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_assets_2c72493351d74c03.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.sechealthui_cw5n1h2txyewy_assets_fonts_6ccf17025b49a9e7.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.search_cw5n1h2txyewy_ab79f6eb1dc17af5.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy_46d0147d9d0e7625.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy_pris_818d8e38ea51703d.cdf-ms Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.peopleexperiencehost_cw5n1h2txyewy_f7fd95c23bab9f94.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.peopleexperiencehost_cw5n1h2txyewy_pris_9edd48d3cfd2afbe.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.peopleexperiencehost_cw5n1h2txyewy_assets_cf68ccdf60246487.cdf-ms Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_80e99b2c380ce386.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_67783f6849153b36.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_4009_22164123daca0b0b.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_1009_22164123daca0b08.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0c0c_22166549dac9d492.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0c0a_22166545dac9d4a4.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0c09_22166535dac9d4ec.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_080a_22165063dac9f3f7.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0809_22165053dac9f43f.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0804_22165049dac9f46c.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0416_22164891daca000f.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0411_22164887daca003c.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0410_22164885daca0045.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_040c_221648cfdac9ff49.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0409_221648bbdac9ffa3.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_speech_0407_221648b7dac9ffb5.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy_pris_565e254797fba24a.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_e1ee1f244749a46e.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_c1f3c63b8b44e44e.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_4009_8f459d394bfe2379.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_1009_8f459d334bfe2394.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0c0c_8f459bc94bfe26da.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0c0a_8f459c114bfe2638.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0c09_8f459d314bfe23b0.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_080a_8f459c114bfe262d.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0809_8f459d314bfe23a5.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0804_8f459de54bfe2210.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0416_8f459f834bfe1fd5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0411_8f45a0374bfe1e40.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0410_8f45a05b4bfe1def.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_040c_8f459bc94bfe26cb.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0409_8f459d314bfe23a1.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_speech_0407_8f459d794bfe22ff.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_pris_06146a5d54fa2c00.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_assets_c7a73ff382a5aad7.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy_assets_fonts_5970b081af9a7fbb.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.narratorquickstart_8wekyb3d8bbwe_aa4229d57e07074a.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.narratorquickstart_8wekyb3d8bbwe_pris_2fcc74e35c7bd23c.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.narratorquickstart_8wekyb3d8bbwe_assets_3c2c27c2cd8c0a67.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_7f0cdb3cdcf67613.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_pris_b04c47d5ff5f14ed.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.filepicker_cw5n1h2txyewy_assets_fb9af0810a32fb5e.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_4a81d77affb96b12.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_pris_bf3c7b21cedb4b7a.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.fileexplorer_cw5n1h2txyewy_assets_b49608cc4f09e72b.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_images_f48d365ca6bf839f.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_e92250ef2519d1f6.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_0c3414e5ea9b964c.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_608128e0971fe102.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_views_ab3b53e7951674ac.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_js_c50fa6bbbb7c87b1.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_2902e194c40c2d99.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_view_fa144ce8b696a5f6.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_js_30c977d57667d018.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_40a8494b26aff035.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_view_878bf08afd4f7608.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_js_b837e3558be51686.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_47e577bfb89f66ff.cdf-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_view_ffe5b70b18357b66.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_media_2e29d64a701c210b.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_2be3c432c2ce3ede.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_common_5c49fd1a5570d1f3.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_d9ae0f7fd2cccc94.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_view_a30cd40228c98533.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_js_04768872769d851d.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_d9ae09c5d2ccd3fb.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_9d516b3c2e3e1a84.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_templat_72e2a4dd8431fbed.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_autopil_c15d914491ef8c5d.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_media_fff1539a1a4e3fb7.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_fed525f87d913b20.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_common_9b35fdf5c98f69bb.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_autopilot_7c3101fe157db81d.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_css_9d5145ddb46283ae.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_views_d5eef763b212983a.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_js_8c1a5a20ff89a7b5.cdf-ms Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_82255765359ba571.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_vi_7e71e645381609fd.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_js_c58adfa13ec3cacc.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_24a5fefd01d630ef.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_views_c7398a706c782c0f.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_js_08cf6efb11d0da96.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_views_f55d581a0acbb522.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_f55759080d09bc14.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_4009_f24be8641cd5eaeb.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_1009_f24be8d01cd5e9f8.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0c_f24bfc161cd5cc82.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0a_f24bf84a1cd5d234.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c09_f24be91a1cd5e8fc.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_080a_f24bf8341cd5d297.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0809_f24be9041cd5e95f.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0804_f24bdf861cd5f79c.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0416_f24be34a1cd5f20f.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0411_f24bd9cc1cd6004c.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0410_f24bd7e61cd60325.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_040c_f24bfbf81cd5cd09.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0409_f24be8fc1cd5e983.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0407_f24be5301cd5ef35.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_retaildemo_d6007de2c4449ca2.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_pris_4436110b27fc8d08.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_36e69b3b0e7ecf70.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_js_c3e6a46e6987d93b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_css_1f290cb460a43b49.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_media_f54b539a0b1cc81a.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_lib_b0f47f90f3500a51.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_js_91283bc423026fc5.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_images_f5434c400d60dd7c.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_fonts_f53d61bc0b5bbe04.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_4436285d27fc685e.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_prod_c85cee3a7af640ef.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_css_b0f49fc4f34fda43.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_443623ff27fc6f6b.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_view_c303ad0c866a9c46.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_2a738435bdbe8f70.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_applaunchers_de40849bf361043c.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.capturepicker_cw5n1h2txyewy_a6a11caf60726833.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.capturepicker_cw5n1h2txyewy_pris_1f26cd22beec03f3.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_c0246e5a4e3e550c.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_pris_6a0f765a48ee4b44.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.callingshellapp_cw5n1h2txyewy_assets_ea79be798cb01049.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_29da24b0fd93bf69.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_pris_739c1e49050f5c39.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy_assets_c21827d4b5b1e098.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.appresolverux_cw5n1h2txyewy_b9e567f99535ffbf.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.appresolverux_cw5n1h2txyewy_pris_298da63cdcd2b7c3.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.appresolverux_cw5n1h2txyewy_assets_3e7d93c07af8d918.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.apprep.chxapp_cw5n1h2txyewy_f66b8c80bd9c0bf7.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.apprep.chxapp_cw5n1h2txyewy_pris_32b48c18fef4b703.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.apprep.chxapp_cw5n1h2txyewy_assets_b738fcf25dd159f0.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.addsuggestedfolderstolibrarydialog_cw5n1h2txyewy_42e3ddae53f1a7cc.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.addsuggestedfolderstolibrarydialog_cw5n1h2txyewy_assets_0fcf00f1a0cbe93d.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_dc7f0351d4ad5d00.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_pris_cff87b484a86df16.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.win32webviewhost_cw5n1h2txyewy_assets_01a46ab27cf3e943.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_9e9a8bf16c9ce6fb.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_pris_54732ccdf1f56e95.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_31c45221d4cb849d.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_a8f01f5afa26d7fe.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_hubgraphs_1e54f4890cd85af2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_cpuusage_1243fe54b3c33ef5.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_controls_1157de3cb46e4242.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_images_b2ea4b46687fb713.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_7a1e52c1c21a9b31.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_remote_11ebffa9da3fca1d.cdf-ms Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_images_1340465dd71e167d.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_a9f39a038cc3b7a3.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_remote_55dc7b5801fb6335.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_images_6510545beb249a55.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_7a244bd9946463d6.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_storage_f70892c1f75cfbcb.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_serviceworker_353d4d6caf0180b1.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_network_efaedd2e00b02226.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_memoryanalyzer_501acfeebbf2699d.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_emulation_591aa5980a836822.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_console_d9535ed0236baa7f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_popup_1a69c5f1c3ce09d6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_pluginhost_7855451f8cc6d5e5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_7ab47f47c1114fce.cdf-ms Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_styles_1422443bc51bd488.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_remote_1428492fc551de78.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_images_157c8fe3c2302ad8.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_common_1658cff9c037a11d.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_common_external_7f92c7900210e5ac.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_memoryanalyzer_de20a234bbe7c54f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_memoryanalyzer_images_b1ecedba4965354b.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_7b8c91c59139b693.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_remote_0db396303ddca9c5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_images_fb78fc5c5a0cc765.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_frontend_739b19554a8c20f2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_frontend_host_api_data_ed750ad946fce5e8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_f12host_7bac9fd7bf1afefb.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_emulation_fababcde97c7d402.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_emulation_remote_1475c96e2f3f2e62.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_elements_71ccc64b4d409b7d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_f226e3a6fa163210.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_768f421567e95a56.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_winningview_ed97ab3258420ac1.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_styleview_88bd78c42d6d2ad0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_changesview_3db702d077f4d0ac.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_images_77e98dbd64fdb0a6.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_domtree_78a1d1c302cf8918.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_81168649365dfec5.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_watches_1bb8fcf67725ae40.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_watches_images_df31852dca1c5088.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_remote_11c812e70631185f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_languageservice_32e32ad1556f94fc.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_languageservice_images_1b734cca58996f4e.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_images_11b5f8b3068a4e7f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_cursor_11aa146906c830c9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_cursor_images_ba8eeae0d1df5481.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_callstack_633aff4012f6a965.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_callstack_images_9306b1fde7cddd57.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_breakpoints_af355a13795264e7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_breakpoints_images_4880219d231e1c07.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_console_7c54de03bd35687d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_7c54d2a38f4a267b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_tabcontrol_f71334f0c01c2e5f.cdf-ms Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_slickgrid_03235f7c2ba7bcf3.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_slickgrid_plugins_58362696fb879581.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_resourcesview_cb7043508efcf9d9.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_remote_86e6a9426c617031.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_4757a4fe44691a93.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_images_a51757acdeb17b07.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_controls_ca0aefc3c1cf16ed.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_objectview_212bfb620eb6c4fb.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_81919faf0ad34c24.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_836d0bedf622f96e.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_039e33851d5947ad.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_ec5dc157ad6c2803.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_95fdc9aeaaab6af6.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_b3bb6a206b246432.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_b3bb6b0a6b24624b.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_cfd626ca1b2d84ad.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_cfd623421b2d89d0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_eebfb637d5a00776.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_edi_78ddde63e2dab0fa.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_f2dc8cf7872a49df.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_53a9eb248d463f89.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_7aeda93bec9377b0.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_b1551e46af82ed02.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_modelview_68ab429493cd05f1.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_jquery_76027b9686fc0651.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_intellisense_721db7d304085d2e.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_images_74ac0f6e88918dd1.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_images_colorpicker_e8c4095bbb47dc9c.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_grid_6c4c834909422a5d.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_c8a6147a8388b7fb.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_typescript_13617520d76f3fac.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_html_64972c0dbcaefc6e.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_css_7581a4e8169f757e.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_external_25adc88278dc605c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_editor_6e5693f2911e8b00.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_dommutations_bcd1772e3aeea97b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_dommutations_images_ba4ff6f874a9edb1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_controls_231926087bfb24b3.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_controls_listcontrol_eef1e9f6cc02fe9c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_pris_4719a634d2c04eec.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_f8075bc7ad02362b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_webnotes_febc6b7abccb2874.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_readingview_e64e82231b0e5fce.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_readingview_css_3066d24b0856bea1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_persona_4fd2132d4ad15439.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_offlinetabs_7d551ad6791e5fc2.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_offlinetabs_offlinetabs_files_606f2d436ca9f85f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_pinjsapi_85e7afd298d161a3.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_pinjsapi_content_bce4d61c88fff4ac.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_learningtools_25cb263578b00eec.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_dcb3be839f31d5cd.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_prefill_578958a487bb2d19.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_document_3a04a7fa7c0c1008.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_content_5091a4e29314f3d6.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_fonts_206f147a74e786c9.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_errorpages_73ec08ffb6105e23.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_dictionary_0a4f3c3a52411629.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_contextmenu_6a54d142fb74801d.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_990e8d61fcad5c14.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_js_78c5ff49aa9e261b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_css_38b1881b8abcd7a5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_booklibrary_3e904335483f7fff.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_applicationguard_8359e7f74deb583c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_6f26550558264bb4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.lockapp_cw5n1h2txyewy_assets_e61eed4a8582e20d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.ecapp_8wekyb3d8bbwe_ac10c70bb3589f82.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.ecapp_8wekyb3d8bbwe_assets_ae58e904a4695adf.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.creddialoghost_cw5n1h2txyewy_eb70173831f35b36.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.creddialoghost_cw5n1h2txyewy_pris_093f1878259fce2a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.creddialoghost_cw5n1h2txyewy_assets_d68cc6b09c78eb2b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_0e6f6a5d1f5a1430.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_pris_f9ee3e9148083766.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.bioenrollment_cw5n1h2txyewy_fonts_f2b30f7dd2e0fe08.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.asynctextservice_8wekyb3d8bbwe_3d79f655ade1fc1f.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.asynctextservice_8wekyb3d8bbwe_assets_5cf354e3143c045e.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.accountscontrol_cw5n1h2txyewy_fc38de406c5c8223.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.accountscontrol_cw5n1h2txyewy_pris_f2961b1ae98936c3.cdf-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.accountscontrol_cw5n1h2txyewy_assets_b23e6d9669ed5578.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_pris_8c9cc4e4b2c16ab2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_css_af32787f971fc4dd.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_assets_4318eb5d347aa2b1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winmetadata_0c48e99293678cff.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winevt_39519e6af36cf6a7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_a349059b05097caa.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_windowsupdate_f5f9c8b88a63903a.cdf-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_uev_36c96168b9ff01a8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_smbshare_b160c489ca4b107d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_provisioning_59992d8d97512395.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netswitchteam_c23a4af35d296eac.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netlbfo_dfa61a2ec6bf8e00.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netconnection_bcd4e6858fe3adb5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_hostnetworkingservice_32491a0f442adf13.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_configci_b363508fc8c99bc6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_ru-ru_461abb409e8a4231.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_1cf62c11bac4d1af.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_amd64_a24e7f3c1523e31d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_en-us_4600b46a9eff5ffa.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbiodatabase_8ca29eba075c22c3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_xml_026f0f207227ebbc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_uk-ua_43152680b6d271dc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_ru-ru_438138a6b5df4494.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_a67c0a7b7fef87b3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_taskscheduler_2a138755a33c530b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_synccenter_6c995d37b2976a17.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_systemresetplatform_14fecc2716acccef.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_serverrdsh_59647a09f002b541.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalworkstation_7ab478a3d1f596f9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalsinglelanguage_d9d84093a75f0740.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionaleducation_26986f1f25caf246.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalcountryspecific_6cbf9678f9f9bb86.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professional_a933d9880344b1b8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_iotenterprise_22e013631613af56.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_enterprise_bc64f038d2d7a6d4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_education_eb248cb951678951.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_csvlk-pack_7cc2fe5a710dd58a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_pkeyconfig_d8fc0830c525895a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_store_2.0_774a618ff1521716.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_tools_e03b2d8f300154a4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_servers_02b04ba79d79f697.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_prtprocs_x64_bfba530a0f4e6934.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_printers_420476df024372d2.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_f1780fdbb7b569a2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_voiceactivation_57f72a0344e2d398.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_speechux_bf4b53e8d47da913.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_engines_tts_181a16025b64685a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_common_8c297630658eaa3d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_shellexperiences_9b5d98059e822373.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_recovery_f87e94e0816fb86b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_perceptionsimulation_782fb292607e7bbe.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_perceptionsimulation_assets_26be616134e2f347.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_openssh_f142c5dc07dcf27a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_uk-ua_e20f560ff53c6eee.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_ru-ru_e27b6835f44941a6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nui_066559e5d047ca7e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_029a48465a9cac56.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_2b49083c03963dec.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_stockicons_c7f9dde8d52dc62c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_sppmig_61344cc740310c55.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-textservicesframework-migration_55ee7b7ed7f684bc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-shmig_9ef85dcb89d16c58.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-rasserver-migplugin_2a8b8a2e22dfd44a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-rasapi-mig_89227d840be1b2ac.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-ndis_b44547c729f73574.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-mup_6effbe5ec5d3b4ea.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-directoryservices-adam-client_acf5a5eb145af9c7.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-wmi-core_0fa6ec0ad029fddb.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-textservicesframework-migration-dl_549205906affe6bf.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_mailcontactscalendarsync_1fa56a2f18ed9ed9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_066555c1df2fab48.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lxss_tools_74d567c39048f17f.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_scm_5b4992849d2e7236.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_sam_5b4992809d2e7248.cdf-ms Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_cloudfiles_4f1ca5d4f4bf5aad.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_volume_professional_7a83c2f800cfb9d0.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_oem_professional_3cf2af13e10f52ed.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_licenses_neutral_default_professional_88d58373f32b5992.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_keywords_eb5d4b4494a589fe.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imekr_e3d4073ca148c369.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_e3d40370a148c91a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ias_0665534bd047d20d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_grouppolicyusers_dc4bf95b336ab265.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_grouppolicy_8e35dabe44804e33.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fxstmp_16e717d128a223be.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_f12_06654f97d047d6b1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-mx_429cdb1e84dc62e4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_uk-ua_6a206bdc311e67ae.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_ru-ru_646d299e39ab4c16.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ddfs_06654947df2fbc31.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_1277fa612e559336.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_9dec82772012c8ca.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_92209b51227f4d2f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_roaming_3488f27ae602299c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_locallow_ecfb9e22d0b5fdec.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_systemprofile_appdata_local_bceee85fd37df118.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_config_regback_2cc4cf1020372405.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_staged_276d48e6ef8844ae.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_internal_c92a000dc3e74fc1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_cipolicies_active_29d3e16aea6e0340.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_catroot_dcafaffa24ca18cc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_catroot_f750e6c3-38ee-11d1-85e5-00c04fc295ee__0f6ee2e4c9b287a4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bthprops_d8048fceb39f1da2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appv_066541f9df2fc831.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_applocker_745949fdc87fdde1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system_4c3aa2308f9f8f41.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system_speech_00e1f005eaf69ef5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_86042ecd14dccb9c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_85d79caefa9ac893.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_8edca57574a98a4e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_en-us_f904ad554a6fa916.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_3b206622a946e834.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_8a294d630e90192b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_tts_4e06b8e5aea05fb6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_engines_tts_en-us_5bd3d35b5669eef6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_skb_3f581889a4c8cf86.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_skb_languagemodels_98bad1d95769c9e6.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellexperiences_2912c63bd045ac45.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellcomponents_dea969d8d78d1fee.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_editions_596ea20ddafb9f7d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicestate_5273c861cc221018.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_security_fe3ad40cd6e08c7c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_eaphost_52e2de002c0b1796.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_28b32c0f4161f4ca.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_examplepolicies_83fa074d09c5bf54.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_availablenetwork_aaf14dcc87fea431.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_packages_e07c8f8a91f541c4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_b2feb78251a8a259.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_oem_c5f03ab2bad804ca.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_mo_c5f03b0eb90452f5.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_microsoft_77338a94bd8669dd.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_autopilot_705495c13beba2f8.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_printdialog_af71281e89102b83.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_printdialog_pris_054fcec654fe3127.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_uk-ua_38dbd05b92b20e07.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_ru-ru_3947e28191bee0bf.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_rules_0bde462ce96f215e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_pla_reports_a2604845b2b380ca.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_fonts_0428e0346460ac4c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_nativeimages_ae465c5139d1dacc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v2.0.50727_443de60f3f6e0828.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_fonts_dc62106d96619a3c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_nativeimages_7f83bd6ed8241f3a.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_windowsbase_v4.0_4.0.0.0_31bf3856ad364e35_5764ca98829cd598.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationtypes_v4.0_4.0.0.0_31bf3856ad364e35_1f12bec8f88f4450.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationprovider_v4.0_4.0.0.0_31bf3856ad364e35_6bb637099f04ee2c.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclientsideproviders_v4.0_4.0.0.0_31bf3856ad364e35_6944991d7b306f0d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclient_v4.0_4.0.0.0_31bf3856ad364e35_35816ba0d06901c4.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.xaml_v4.0_4.0.0.0_b77a5c561934e089_6747aba031bff5b1.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms.datavisualization_v4.0_4.0.0.0_31bf3856ad364_0478e70360a4d545.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms_v4.0_4.0.0.0_b77a5c561934e089_7780f78ea9286b2d.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.controls.ribbon_v4.0_4.0.0.0_b77a5c561934e089_f0c023acb7bafe74.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.extensions_v4.0_4.0.0.0_31bf3856ad364e35_472dc08bcbe9e0cb.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.web.applicationservices_v4.0_4.0.0.0_31bf3856ad364e35_68ccda43ca2f1ddf.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.speech_v4.0_4.0.0.0_31bf3856ad364e35_cc6ea888502ba313.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.web_v4.0_4.0.0.0_31bf3856ad364e35_9664587824984869.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.washosting_v4.0_4.0.0.0_b77a5c561934e089_fcc9ffe6a33d9e56.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.internals_v4.0_4.0.0.0_31bf3856ad364e35_648841c36e579803.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.discovery_v4.0_4.0.0.0_31bf3856ad364e35_77886dd12f6a8907.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.channels_v4.0_4.0.0.0_31bf3856ad364e35_3b879384d8488ea3.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel.activities_v4.0_4.0.0.0_31bf3856ad364e35_6a8dabdd0e877c8e.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.servicemodel_v4.0_4.0.0.0_b77a5c561934e089_b63f15dceb7fa3d7.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.security_v4.0_4.0.0.0_b03f5f7f11d50a3a_b1f6c453104409f9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.runtime.serialization_v4.0_4.0.0.0_b77a5c561934e089_f6fb5cdd6113e4c9.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel.services_v4.0_4.0.0.0_b77a5c561934e089_9152e5e9cf585ca0.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.identitymodel_v4.0_4.0.0.0_b77a5c561934e089_b5d483bcf27e78c2.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.drawing.design_v4.0_4.0.0.0_b03f5f7f11d50a3a_251fc3e264cdd5af.cdf-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.deployment_v4.0_4.0.0.0_b03f5f7f11d50a3a_e63bb68aefb0cd4a.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.core_v4.0_4.0.0.0_b77a5c561934e089_18d3047bb5729e36.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.configuration_v4.0_4.0.0.0_b03f5f7f11d50a3a_d8a1d11d04cdf6db.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.activities_v4.0_4.0.0.0_31bf3856ad364e35_bdef15cb807505c8.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system_v4.0_4.0.0.0_b77a5c561934e089_4348a29e5981af79.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_smdiagnostics_v4.0_4.0.0.0_b77a5c561934e089_8a46d250f4d4a9d0.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework-systemdata_v4.0_4.0.0.0_b77a5c561934e089_89b90455552a8828.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework_v4.0_4.0.0.0_31bf3856ad364e35_b57a3b1abb4f9cb2.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_media_401039ffa1d92906.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_measuredboot_ab1fadc53c86b337.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_livekernelreports_13126bbee8c1252a.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_l2schemas_d7bb5637381de58c.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_installer_0d1280e2e633dc00.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_0000_43733b07fe2eb83f.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_uk-ua_81821ab078b67e81.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_d76332102e6a9a22.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_view_34ee44a07ef70449.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_systemsettings_assets_6ba5b2461d9725af.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_settings_08eec740d2195455.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_ru-ru_81ee2cd677c35139.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_pris_a05890fcf353f1d8.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_images_2e6232377292b2dc.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_en-us_83c2a5ee73a54528.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_identitycrl_e7d9c9e97cfb8b01.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_time_zone_08f498d155d3913e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_icu_0b932b2a9cc9f858.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_0600d0deecd2b5a2.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_settings_56f8a3f40ce5a801.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_diagtrack_scenarios_ce5f6e43b7ab3f41.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_containers_serviced_07c9b2b35f82b615.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_1728f5d8b15e5263.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_shellbrd_be1f632087fb0947.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_basebrd_9ee9a176c9fadab4.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_basebrd_uk-ua_7027bafd15acef2f.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_branding_basebrd_ru-ru_6a7478bf1e39d397.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_misc_pcat_6b00b12988eafd38.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_bcastdvr_fab1ebc0dbf2dacb.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appreadiness_b6ba89081e320d85.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_ru-ru_2241de14530ccc00.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_en-us_098dc872781aebb9.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_customsdb_3bf1ff155493adb9.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_2adff76bea4847ec.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_custom64_12107ab6726c35e5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_33781004733ffeee.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_8c076a3be22985a1.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_videos_20f7329ef941f593.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_pictures_f5e7b0c0fda4db8c.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_music_8c1f3dc399e79184.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_libraries_de6591322faedac0.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_downloads_631cc37cff593fe6.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_documents_70461e22eba239ef.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_desktop_2377dac7383055bd.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_videos_4078dfd58aff2cd5.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_saved_games_57aaea1c026aa551.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_pictures_209185c2b71537e4.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_music_4066f7392302d756.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_links_4064ed15230be7d0.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_favorites_d09a481c8ccc2a28.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_downloads_d0a063ac92c2c070.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_documents_a9a4e48ccdf32dcf.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_desktop_39aa59e1159d1203.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_templates_9327e87141b4e78f.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_8181428e5873cb4e.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_programs_accessibility_1fe25fac404028a8.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_sendto_cc2b2363b7303311.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_recent_ca449f9bba09f987.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_network_shortcuts_cbcbd4ac7028a985.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_internet_explorer_quick_launch_c0ec1d6b06e5808b.cdf-ms Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_bc5dd6ae41aaaeeb.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_temp_3274946c96022019.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_3433db0fbe07ab7f.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windowsapps_522fbbfd57c17136.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_9e28651fd972d480.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcookies_706c818672b5499f.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcache_93b6f38324ca2118.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_history_f4337fe0129e212c.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_gameexplorer_5a14824a005868dd.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_inputpersonalization_traineddatastore_77a848f48ef56331.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_windowsholographicdevices_da35b7d83993eebe.cdf-ms Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_windowsholographicdevices_spatialstore_d5a1eb12b1c88209.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoshared_logs_user_cc47ba2ac1c4ac78.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoshared_logs_system_1d654048a9eadf5a.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_usoprivate_f18983166baec8e8.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_ssh_538e540ae643d2cc.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_softwaredistribution_ae0bdc9bb1bbdfab.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_ef9cc294168a8b97.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_logs_d0133fe6679072ac.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_health_advisor_caf4bd491726b327.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msscan_549c401cd5c756f4.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_b4e458a72482d5c6.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_343012079dc9af5d.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_uk-ua_bac5b49ccb4ddb64.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_virtualinbox_ru-ru_b512725ed3dabfcc.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_642a277e0ccb775c.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_uk-ua_ec85aaa7890bff5d.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_common_coverpages_ru-ru_ecf1bccd8818d215.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_nt_msfax_activitylog_02f89ec2f88038bb.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_827f103853495477.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_trace_948df0f7e3c42652.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_temp_7268e2d9fd6b25f5.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_temp_psscriptoutputs_3a0e1d2536445291.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_downloads_9aff56413f03e0ba.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_datacollection_a0b92996ab2dc299.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cyber_946bea51e45d4954.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cache_946bebb1e45d47cb.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wfp_1409fc168e700932.cdf-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_temp_783673b09e921b6b.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportqueue_9ca35f30fc68b178.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportarchive_5449504010b82c41.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_templates_15e72976404301fc.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_system_tools_fde5decba5bb578b.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_startup_b13751030220a596.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_administrative_tools_50eba26877c48094.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessories_bb30590aa3d31891.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_accessibility_1152534229f98ea5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_retaildemo_235295a6167f1c31.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_parental_controls_bea881b14dc7da94.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_parental_controls_settings_8a26e500c57de871.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_packagedeventproviders_c79719361ec06661.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_onesettings_d58936a49a7f4b26.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_hyper-v_ec14034f175d876e.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_gameexplorer_eb83b477ca9834cc.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_2e1ff34936d2e8e5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_en-us_cc94fe8746890b55.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_debc96072b71b0d5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_install_149a5029c4c64782.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_import_865699c21a2ad5a2.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_genuineticket_d7322dcf4073011e.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_archive_f622c70ff2ada08b.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_3e49394d38e6ac94.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_packages_711aa2dd7039ca9d.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_families_5e2e105f8c5e974e.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_vault_72f09c1eedd2d856.cdf-ms Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_user_account_pictures_eceaafe818cb6141.cdf-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_storage_health_9e678c58bd8432a1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_speech_onecore_587c58cfbeda0062.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_spectrum_1dcb4f178cfd5701.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_929be8282aecbf17.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_8fbe865af4949dd7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_cellularux_843105bb528cd98c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_network_downloader_7fafaef6d33e4371.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_mapdata_ce9aee460ee372ae.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_device_stage_task_07deb856-fc6e-4fb9-8add-d8f2cf8722c9__0ce7c057892d5774.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_device_stage_device_8702d817-5aad-4674-9ef3-4d3decd87120__8740ea4a07ab72cd.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_crypto_pcpksp_windowsaik_cb9775b914a8e5a2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_appv_setup_c6b9e738c86ef84a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_photo_viewer_a7a2292bcc87c94b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_e9607c93dd43c2ea.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_network_sharing_f29a3dd721834a7e.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_media_player_media_renderer_750773e49fdbfa5b.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_windows_mail_fc7b184dbf576a4a.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_681b9383b994c86d.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ole_db_17fcdbc86fee8f8b.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_msadc_607f0693c9effa29.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ado_32a3d3ab7409acd3.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_635c287ec97ec0a5.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_ink_9d0caff456d5ade1.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_microsoft_shared_ink_hwrcustomization_3663d5717756d7ef.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_8909e9aceeb80d44.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_mutablebackup_726f6fa1fbd23cbc.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_mutable_4773d03dc650afca.cdf-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_deleted_382e0caddd5f5e75.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_photo_viewer_6eb173d8debcda9a.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_network_sharing_aed05552f451fd7d.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_media_player_media_renderer_5001a1a5de706f6e.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_096829c909d5eb56.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_uk-ua_a702ed13715d26f7.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_ru-ru_a6fcec2d71782bff.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_en-us_a6e2e55771ed49c8.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_classification_47699381a5289670.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_classification_configuration_e1d4288a0384bffc.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_offline_072b9e24a7f3689a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_modifiablewindowsapps_230f2b3b95f10a16.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_b13078daf1286f60.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_ole_db_48d1b11cd4e5cabe.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_msadc_48cda3763ecb3874.cdf-ms Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_textconv_dfb016a4185c8725.cdf-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_hwrcustomization_198fbcb0f379ad82.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$recycle.bin.cdf-ms Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\micaut.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mip.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\wab32.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\wab32res.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\ado\msado15.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msadce.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\msadc\msadco.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\System\Ole DB\oledb32.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncPS.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseMirror.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\SenseCE.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\en-US\MsSense.exe.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\ru-RU\MsSense.exe.mui Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\uk-UA\MsSense.exe.mui Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Mail\wabimp.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Media Player\wmprph.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\wab32.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\wab32res.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\ado\msado15.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msadce.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\msadc\msadco.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Mail\wabimp.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Media Player\wmprph.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bfsvc.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\splwow64.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\AcRes.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\drvmain.sdb Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\msimain.sdb Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\sysmain.sdb Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\en-US\AcRes.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\ru-RU\AcRes.dll.mui Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bcastdvr\KnownGameList.bin Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys.bin Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys_noprompt.bin Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-ploc\bootmgr.exe.mui Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Branding\Basebrd\ru-RU\basebrd.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Branding\Basebrd\uk-UA\basebrd.dll.mui Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\DiagTrack\RunExeActionAllowedList.dat Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezoneMapping.xml Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezones.xml Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\tzautoupdate.dat Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxblockmap.xml Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxmanifest.xml Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\appxsignature.p7x Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettings.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\Telemetry.Common.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\en-US\SystemSettings.exe.mui Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\ru-RU\SystemSettings.exe.mui Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\Settings\AllSystemSettings_{253E530E-387D-4BC2-959D-E6F86122E5F2}.xml Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ImmersiveControlPanel\uk-UA\SystemSettings.exe.mui Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\apps.inf Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\printupg.inf Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\sceregvl.inf Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\secrecs.inf Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:20 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.configuration.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Data.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.RegularExpressions.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\CloudContent.admx Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\Multitasking.admx Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WindowsUpdate.admx Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\CloudContent.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\DataCollection.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\Multitasking.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WindowsUpdate.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\CloudContent.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\DataCollection.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\Multitasking.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\ru-RU\WindowsUpdate.adml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxblockmap.xml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxmanifest.xml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\appxsignature.p7x Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PrintDialog\PrintDialog.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning.dat Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Cosa\Microsoft\Microsoft.Windows.Cosa.Desktop.Client.ppkg Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Battery.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Button.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Control.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Disk.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Display.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Graphics.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.IdleResiliency.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.PCIExpress.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Processor.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.Settings.Sleep.ppkg Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\TrustedInstaller.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\servicing\Editions\EditionMatrix.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\TaskFlowUI.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\JumpViewUI.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\NetworkUX.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleBarContainer.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleBarFlyout.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleBarJumpView.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleCommonControls.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeoplePane.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\QuickActions.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\ShoulderTapView.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadcloudap.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadWamExtension.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AarSvc.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AboutSettingsHandlers.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AboveLockAppHost.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\accessibilitycpl.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcGenral.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acmigration.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcSpecfc.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActionCenterCPL.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActivationManager.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\activeds.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\activeds.tlb Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActiveSyncProvider.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\actxprxy.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdmTmpl.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\adsldpc.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\advapi32.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aeinv.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepic.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntime.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntimestarter.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\agentactivationruntimewindows.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aitstatic.exe Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\amsi.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\amsiproxy.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APHostService.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APMon.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppContracts.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppExtension.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apphelp.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidapi.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidcertstorecheck.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidpolicyconverter.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidsvc.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appidtel.exe Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appinfo.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appinfoext.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplicationFrame.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppLockerCSP.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplySettingsTemplateCatalog.exe Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplyTrustOffline.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appmgmts.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppointmentActivation.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppReadiness.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppResolver.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApproveChildRequest.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVCatalog.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVClientPS.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVDllSurrogate.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntStreamingManager.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystemController.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystems64.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntVirtualization.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appvetwclientres.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appvetwstreamingux.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVFileSystemMetadata.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVIntegration.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVManifest.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVNice.exe Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVOrchestration.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVPolicy.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVPublishing.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVReporting.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVScripting.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVSentinel.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVShNotify.exe Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVStreamingUX.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVStreamMap.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVTerminator.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appwiz.cpl Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxAllUserStore.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXApplicabilityBlob.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxApplicabilityEngine.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.desktop.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.onecore.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSip.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSysprep.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessManager.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\assignedaccessmanagersvc.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessRuntime.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atl.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atlthunk.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\atmlib.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiodg.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEndpointBuilder.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEng.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AUDIOKSE.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audioresourceregistrar.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioSes.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiosrv.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\auditpol.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\auditpolcore.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authui.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\authz.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autopilot.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\autoplay.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\avrt.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AxInstSv.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AxInstUI.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\azroles.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\backgroundTaskHost.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BarcodeProvisioningPlugin.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bash.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcdboot.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BCP47Langs.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BCP47mrm.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcrypt.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcryptprimitives.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdechangepin.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdesvc.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BdeUISrv.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bindfltapi.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingMaps.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioCredProv.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioIso.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bisrv.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerCsp.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\biwinrt.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BluetoothApis.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BootMenuUX.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BTAGService.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bthprops.cpl Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BthRadioMedia.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cabinet.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CameraCaptureUI.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessManager.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessManagerClient.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\capauthz.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CaptureService.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\catsrv.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CBDHSvc.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdosys.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdp.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdprt.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpsvc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpusersvc.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cellulardatacapabilityhandler.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certca.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertEnroll.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CertEnrollCtrl.exe Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\certprop.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cfgbkend.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cfgmgr32.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakradiag.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakrathunk.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cic.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CIDiag.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clbcatq.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipboardServer.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Clipc.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipSVC.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipUp.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cloudAP.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudDomainJoinDataModelServer.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHost.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostBroker.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostBroker.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostCommon.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CloudExperienceHostUser.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clusapi.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmd.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmdial32.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmintegrator.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\colbact.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coloradapterclient.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\combase.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comctl32.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comdlg32.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coml2.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTelRunner.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSrv.exe Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSup.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\compstui.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\computecore.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\comsvcs.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\configmanager2.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\conhost.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\consent.exe Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ConsoleLogon.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\container.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContentDeliveryManager.Utilities.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\control.exe Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\convertvhd.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coredpus.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\coreglobconfig.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreMas.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreMessaging.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreShell.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreShellAPI.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CoreUIComponents.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CPFilters.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredDialogBroker.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialEnrollmentManager.exe Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialEnrollmentManagerForUser.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredProvDataModel.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovs.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credui.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\crypt32.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptbase.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptcatsvc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptdll.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptext.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptnet.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptngc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CryptoWinRT.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptsp.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptui.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscdll.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CscMig.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscsvc.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CustomInstallExec.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CXHProvisioningServer.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d2d1.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10warp.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d11.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3D12.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d8thk.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d9.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3DCompiler_47.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3DSCache.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dab.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAFMCP.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DafPrintProvider.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dafWfdProvider.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DAMM.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\das.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataExchange.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataStoreCacheDumpTool.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\davclnt.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\davhlpr.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\daxexec.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbgcore.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dbghelp.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dciman32.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcntel.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcomp.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DefaultHrtfs.bin Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragproxy.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragres.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\defragsvc.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\deploymentcsps.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopSwitcherDataModel.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevDispItemProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devenum.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCensus.exe Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceDirectoryClient.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceDriverRetrievalClient.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceEnroller.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicePairingExperienceMEM.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceReactivation.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSetupManager.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DevicesFlowBroker.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceSoftwareInstallationClient.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devinv.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devobj.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devrtl.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dggpext.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore6.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcsvc6.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DHolographicDisplay.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagCpl.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagnosticdataquery.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagnosticInvoker.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagperf.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvc.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dialclient.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dialserver.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directmanipulation.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directml.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\directxdatabaseupdater.exe Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diskperf.exe Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DismApi.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DispBroker.Desktop.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\djoin.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dllhost.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMAlertListener.ProxyStub.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcertinst.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcfgutils.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcmnutils.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmcsps.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenrollengine.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenterprisediagnostics.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmiso8601utils.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMPushRouterCore.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsapi.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnscacheugc.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsrslvr.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DolbyDecMFT.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\domgmt.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dosvc.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3api.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3mm.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3msm.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dot3svc.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dpapi.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dpapisrv.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drprov.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuthTxt.wim Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvsetup.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvstore.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsparse.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsreg.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsregcmd.exe Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsregtask.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsrole.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dsui.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dui70.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\duser.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dusmapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwm.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmredir.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWrite.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWWIN.EXE Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DXCore.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxdiagn.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxgi.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxgiadaptercache.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DXP.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DxpTaskSync.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxtrans.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapp3hst.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappcfg.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappgnui.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapphost.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eappprxy.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eapprovp.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EaseOfAccessDialog.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\easwrt.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeContent.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgeIso.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeManager.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditBufferTestHook.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditionUpgradeHelper.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EditionUpgradeManagerObj.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edpcsp.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edpnotify.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edputil.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efswrt.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enrollmentapi.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtClient.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtSvc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseDesktopAppMgmtCSP.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterpriseresourcemanager.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ErrorDetails.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\esent.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eShims.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\evr.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExecModelClient.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\execmodelproxy.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ExplorerFrame.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Facilitator.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.Authentication.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Family.Client.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Faultrep.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FaxPrinterInstaller.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fcon.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdSSDP.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fdWSD.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FeatureToastDlpImg.png Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhcpl.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fhsettingsprovider.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fidocredprov.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FileHistory.exe Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\findnetprinters.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FirewallAPI.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FirewallControlPanel.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fixmapi.exe Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FlightSettings.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fltLib.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fltMC.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FntCache.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontext.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontsub.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\framedynos.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FrameServer.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FrameServerClient.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FsIso.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapibase.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvecpl.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveui.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvewiz.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwbase.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fwpolicyiomgr.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMEX.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMPOSE.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOMPOSERES.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSCOVER.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FXSUTILITY.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GameInput.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32full.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GdiPlus.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\generaltel.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Geolocation.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\glmf32.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\globinputhost.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\glu32.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpapi.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GPCSEWrapperCsp.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpedit.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpprefcl.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpscript.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpscript.exe Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpsvc.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpupdate.exe Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GraphicsCapture.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hgcpl.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hid.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hnsdiag.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hnsproxy.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HologramWorld.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HolographicExtensions.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HolographicRuntimes.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloShellRuntime.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloSI.PCShell.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HostNetSvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HrtfApo.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\httpapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvax64.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvix64.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvloader.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvsievaluator.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvsigpext.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HvsiManagementApi.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HvSocket.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Hydrogen.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasads.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasnap.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iasrecst.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iassdo.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icfupgd.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icm32.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IcsEntitlementHost.exe Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icu.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icuin.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icuuc.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieapfltr.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieframe.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iemigplugin.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieproxy.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IESettingSync.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imagehlp.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi2.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imapi2fs.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\imm32.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ImplatSetup.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IndexedDbLegacy.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InkEd.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InkObjCore.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputHost.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputLocaleManager.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputSwitch.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallService.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallServiceTasks.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\intl.cpl Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\invagent.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IPHLPAPI.DLL Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iprtprio.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iprtrmgr.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iri.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ISM.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9diag.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jsproxy.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd101.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd106.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kbd106n.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KBDJPN.DLL Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KBDUS.DLL Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kdhvcom.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kerberos.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel.appcore.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel32.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KernelBase.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\keyiso.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KnobsCore.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KnobsCsp.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ktmw32.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguageOverlayUtil.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LaunchTM.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LaunchWinApp.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManager.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerApi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicenseManagerSvc.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\licensingdiag.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingWinRT.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\linkinfo.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localspl.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localui.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationApi.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFramework.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkInternalPS.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LocationFrameworkPS.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppBroker.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppHost.exe Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockController.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockHostingFramework.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\logman.exe Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\logoncli.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LogonController.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpasvc.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpk.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpkinstall.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MaintenanceUI.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapGeocoder.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mapi32.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mapistub.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapRouter.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsStore.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mavinject.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBMediaManager.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBR2GPT.EXE Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAgent.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAppInstaller.exe Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnostics.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnosticsTool.exe Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmlocalmanagement.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmmigrator.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmpostprocessevaluator.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmregistration.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf3216.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfasfsrcsnk.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42u.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFCaptureEngine.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfds.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmjpegdec.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmp4srcsnk.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmpeg2srcsnk.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetcore.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfnetsrc.dll Handle ID: 0x94 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfplat.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsensorgroup.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mi.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\microsoft-windows-system-events.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Bluetooth.Service.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.AppAgent.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.CommonBridge.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.ConfigWrapper.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.CscUnpinTool.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.ModernAppAgent.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Office2010CustomActions.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.PrinterCustomActions.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountCloudAP.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountExtension.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountTokenProvider.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MicrosoftAccountWAMExtension.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\midimap.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migisol.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastReceiver.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MiracastReceiverExt.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MitigationConfiguration.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\miutils.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MixedReality.Broker.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mlang.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmc.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmcndmgr.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MMDevAPI.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mobilenetworking.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\modernexecserver.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MoUsoCoreWorker.exe Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MP4SDECD.DLL Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mpg2splt.ax Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mpr.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprddm.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprdim.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MPSSVC.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MrmCoreR.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msaatext.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msacm32.drv Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAProfileNotificationHandler.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msasn1.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAudDecMFT.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msauserext.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mscms.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctf.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsCtfMonitor.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctfp.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msftedit.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.tlb Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtmled.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msi.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msidcrl40.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msimg32.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msimsg.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msisip.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msIso.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mskeyprotcli.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mskeyprotect.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msls31.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msmpeg2vdec.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msra.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msrahc.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msscntrs.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssitlb.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MsSpellCheckingFacility.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssph.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssvp.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msTextPrediction.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstsc.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstscax.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msutb.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msv1_0.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcp110_win.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcp_win.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcrt.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVidCtl.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvproc.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSWB7.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswmdm.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswsock.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3r.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6r.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MtcModel.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MuiUnattend.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\musdialoghandlers.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotification.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotificationUx.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotifyIcon.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusUpdateHandlers.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NapiNSP.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Narrator.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncobjapi.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncpa.cpl Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncrypt.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptprov.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptsslp.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncsi.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ndadmin.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\net1.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netapi32.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netbtugc.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netcenter.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetDriverInstall.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netlogon.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netman.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netprofm.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netprofmsvc.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupApi.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupEngine.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupSvc.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netshell.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netutils.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkQoSPolicyCSP.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkStatus.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\newdev.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\newdev.exe Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NFCProvisioningPlugin.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NfcRadioMedia.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrSvc.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcIso.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcpopkeysrv.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcsvc.dll Handle ID: 0x98 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngctasks.dll Handle ID: 0xa4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ninput.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlaapi.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlasvc.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlmproxy.dll Handle ID: 0xac Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlmsprep.dll Handle ID: 0x70 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nltest.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\normaliz.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\notepad.exe Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationController.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationControllerPS.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\npmproxy.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NPSM.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshwfp.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntasn1.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdsapi.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntlanman.dll Handle ID: 0xf4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntmarta.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntshrui.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\odbcconf.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oemlicense.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offlinesam.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ole32.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacc.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleacchooks.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleaut32.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleprn.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmclient.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OnDemandConnRouteHelper.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneCoreCommonProxyStub.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneCoreUAPCommonProxyStub.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpcServices.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\opengl32.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OpenWith.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\P2P.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pacjsworker.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PasswordEnrollmentManager.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcacli.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcadm.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcaevts.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcalua.exe Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcasvc.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcaui.dll Handle ID: 0xb4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PCPKsp.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PCShellCommonProxyStub.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pdh.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDist.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistAD.dll Handle ID: 0xf8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistCleaner.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistHttpTrans.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistSvc.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistWSDDiscoProv.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeopleBand.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfctrs.dll Handle ID: 0xd0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfdisk.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfnet.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfos.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfproc.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneService.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhoneServiceRes.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhotoMetadataHandler.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PhotoScreensaver.scr Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PickerPlatform.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pkeyhelper.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PktMon.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pku2u.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToManager.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnidui.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PnPUnattend.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnputil.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnrpnsp.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pnrpsvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:21 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanager.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanagerprecheck.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\powercpl.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\powrprof.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Print.Workflow.Source.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintBrmUi.exe Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\printui.exe Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintWorkflowProxy.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintWorkflowService.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PrintWSDAHost.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\prnntfy.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profext.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvc.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvcext.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\propsys.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provdatastore.dll Handle ID: 0x100 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provdiagnostics.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provengine.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provhandlers.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provisioningcsp.dll Handle ID: 0x120 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provmigrate.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provops.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ProvPluginEng.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\provtool.exe Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psisdecd.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PsmServiceExtHost.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\psmsrv.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiapi.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\puiobj.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PushToInstall.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qdvd.dll Handle ID: 0xec Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qedit.dll Handle ID: 0x68 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\qmgr.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\quartz.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\QuickActionsDataModel.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\QuietHours.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RADCUI.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasapi32.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\raschap.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rascustom.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasdlg.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasgcw.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasman.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasmans.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RasMediaManager.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RASMM.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasplap.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastls.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpclip.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpencom.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpinit.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RdpRelayTransport.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpserverbase.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpsharercom.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpshell.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpviewerax.dll Handle ID: 0x90 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDVGHelper.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDXTaskFactory.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgent.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgentc.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\recovery.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RecoveryDrive.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\regapi.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\relog.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\remoteaudioendpoint.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemoteFXvGPUDisablement.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RemovableMediaProvisioningPlugin.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\reseteng.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngine.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngine.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngOnline.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourceMapper.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourcePolicyClient.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourcePolicyServer.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\resutils.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RjvMDMConfig.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RMapi.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rmclient.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RpcEpMap.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcrt4.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcss.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rsaenh.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rtm.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RTMediaFrame.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rtutils.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RTWorkQ.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\runexehelper.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RuntimeBroker.exe Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samcli.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samlib.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samsrv.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardBi.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardDlg.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SCardSvr.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ScDeviceEnum.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scecli.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scesrv.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schannel.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schedsvc.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ScriptRunner.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\scrptadm.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdbinst.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdclt.exe Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdcpl.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdengin2.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdrsvc.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sdshext.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Search.ProtocolHandler.MAPI2.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchFilterHost.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchIndexer.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchProtocolHost.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecConfig.efi Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sechost.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\secur32.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityCenterBroker.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityCenterBrokerPS.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthAgent.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthHost.exe Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthProxyStub.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthService.exe Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SEMgrSvc.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorsApi.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\services.exe Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sethc.exe Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsEnvironment.Desktop.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_AnalogShell.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Clipboard.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Cortana.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Gpu.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_InputPersonalization.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Language.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_nt.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_PCDisplay.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_SIUF.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_SpeechPrivacy.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncCore.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupapi.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupcl.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupcln.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupugc.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sfc.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sfc_os.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmBroker.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmEnclave.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmEnclave_secure.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmLpac.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShareHost.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sharemediacpl.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SHCore.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shell32.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShellCommonCommonProxyStub.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shimeng.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shlwapi.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shutdownux.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SIHClient.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slc.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slcext.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slui.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartcardCredentialProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreen.exe Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreenps.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smbwmiv2.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpaceAgent.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpaceControl.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatialAudioLicenseSrv.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatializerApo.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spbcd.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Spectrum.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spinf.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spoolsv.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spopk.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppc.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcext.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcomapi.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SppExtComObj.Exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppnp.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppobjs.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppsvc.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppwinob.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spwizeng.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SRH.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmclient.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srmscan.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srpapi.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srvcli.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdm.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdpapi.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ssdpsrv.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StartTileData.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StateRepository.Core.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sti.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorageUsage.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storewuauth.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorSvc.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StructuredQuery.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sud.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\svchost.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\swprv.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sxs.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sxstrace.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncAppvPublishingServer.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncCenter.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SyncSettings.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\syncutil.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysmain.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SysResetErr.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\systemcpl.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemEventsBrokerClient.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\systemreset.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.DataModel.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettings.Handlers.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsBroker.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemUWPLauncher.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tapi3.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tapi32.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tapisrv.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskbarcpl.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskcomp.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TaskFlowDataEngine.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskhostw.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Taskmgr.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskschd.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tbauth.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tbs.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdc.ocx Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdh.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TDLMigration.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tellib.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TempSignedLicenseExchangeTask.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\termmgr.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringclient.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringconfigsp.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputFramework.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextInputMethodFormatter.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TextShaping.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\themecpl.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\threadpoolwinrt.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\thumbcache.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tier2punctuations.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TileDataRepository.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TimeBrokerClient.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TimeBrokerServer.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tokenbinding.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBroker.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBrokerCookies.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmCertResources.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmCoreProvisioning.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tracerpt.exe Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TransportDSA.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tscfgwmi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSErrRedir.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsf3gip.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsgqec.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tsmf.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.appcore.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.appcore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.pcshell.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\typeperf.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tzres.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase_enclave.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\udhisapi.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uDWM.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UiaManager.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAnimation.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIAutomationCore.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIManagerBrokerps.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UIMgrBroker.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpdc.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpnpmgr.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\unenrollhook.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpdateAgent.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatecsp.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpdateDeploymentProvider.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatepolicy.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnpcont.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upnphost.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\urlmon.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usbmon.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\user32.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserAccountControlSettings.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\useractivitybroker.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usercpl.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataTimeUtil.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDeviceRegistration.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDeviceRegistration.Ngc.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\userenv.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserLanguageProfileCallback.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgr.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgrcli.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserMgrProxy.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usoapi.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UsoClient.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usocoreworker.exe Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usosvc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usp10.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UtcDecoderHost.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\utcutil.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Utilman.exe Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uxlib.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uxtheme.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VAN.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Vault.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vaultcli.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vaultsvc.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbscript.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbssysprep.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\version.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vertdll.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vfpapi.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vfpctrl.exe Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vid.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VideoHandlers.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\virtdisk.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmbusvdev.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmchipset.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmcompute.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmcompute.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VmCrashDump.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmdynmem.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmiccore.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmprox.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmrdvcore.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsif.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsifcore.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsifproxystub.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsmb.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VmSynthNic.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmsynthstor.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmuidevices.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmusrv.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmvpci.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmwp.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmwpctrl.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vmwpevents.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vpnike.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VPNv2CSP.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vssapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vsstrace.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VSSVC.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32time.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32topl.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSAssessment.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicAgent.exe Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicCapsule.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicPS.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicSvc.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WalletService.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wavemsp.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbemcomn.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbengine.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbiosrvc.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wc_storage.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmcsp.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wdigest.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wdscore.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebcamUi.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webio.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webplatstorageserver.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebRuntimeManager.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webservices.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Websocket.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wer.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werconcpl.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wercplsupport.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werdiagcontroller.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerEnc.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\weretw.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFault.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFaultSecure.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wermgr.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wersvc.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werui.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtapi.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtsvc.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wfapigp.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wfdprov.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFS.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WFSR.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaaut.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiarpc.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiaservc.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wiatrace.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiFiConfigSP.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifidatacapabilityhandler.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifinetworkmanager.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wifitask.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimgapi.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimserv.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32appinventorycsp.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Win32CompatibilityAppraiserCSP.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32k.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32spl.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32u.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioDataModel.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioDataModelOOBE.exe Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winbrand.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wincorlib.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowManagement.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowManagementAPI.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AccountsControl.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AI.MachineLearning.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Background.SystemEventsBroker.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Background.TimeBroker.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.ConversationalAgent.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.conversationalagent.internal.proxystub.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.conversationalagent.proxystub.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Core.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.applicationmodel.datatransfer.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.Schema.Shell.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.Desktop.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Activities.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Pdf.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.AllJoyn.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Bluetooth.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Enumeration.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Lights.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.LowLevel.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Midi.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Perception.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Picker.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.PointOfService.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Sensors.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SerialCommunication.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SmartCards.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SmartCards.Phone.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Usb.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.WiFiDirect.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Energy.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.FileExplorer.Common.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.Input.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Gaming.Preview.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.3D.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.Workflow.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.Workflow.Native.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Bluetooth.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.CapturePicker.Desktop.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.CapturePicker.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Devices.Sensors.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Feedback.Analog.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Management.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.PlatformExtension.DevicePickerExperience.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.SecurityMitigationsBroker.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Shell.Broker.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.AccountsControlExperience.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.shareexperience.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Signals.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.System.UserProfile.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Taskbar.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Provisioning.ProxyStub.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Service.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Management.Workplace.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Audio.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Devices.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.FaceAnalysis.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Import.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.MediaControl.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Ocr.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Protection.PlayReady.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Speech.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Mirage.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Mirage.Internal.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Connectivity.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.HostName.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.NetworkOperators.ESim.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Vpn.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Payments.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Perception.Stub.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Identity.Provider.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Credentials.UI.CredentialPicker.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Services.TargetedContent.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepository.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryBroker.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryClient.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryCore.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryPS.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryUpgrade.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.ApplicationData.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.storage.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.Search.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Diagnostics.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Launcher.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.HardwareId.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.RetailInfo.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.System.Profile.SystemId.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.AppDefaults.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Core.TextInput.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.CredDialogController.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.FileExplorer.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Immersive.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Input.Inking.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Internal.Input.ExpressiveInput.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Search.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Storage.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Controls.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.Resources.Common.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.Http.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecs.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsExt.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsCodecsRaw.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsdefenderapplicationguardcsp.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowslivelogin.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsManagementServiceWinRt.ProxyStub.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsperformancerecordercontrol.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windowsudk.shellcommon.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winhttp.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinHvEmulation.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininet.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininit.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininitext.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Winlangdb.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winlogon.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmde.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winmm.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinREAgent.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winrnr.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winspool.drv Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winsta.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wintrust.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinTypes.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiredNetworkCSP.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkscli.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkspbrokerAx.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wksprt.exe Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanapi.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlancfg.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WLanConn.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlangpui.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanhlp.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMediaManager.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanMM.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanmsm.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WlanRadioManager.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansec.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvc.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvcpal.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanui.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wldap32.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wldp.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlgpclnt.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidcli.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidcredprov.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidfdp.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidnsp.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidprov.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlidsvc.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOD.DLL Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOE.DLL Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmiclnt.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmidcom.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmidx.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMNetMgr.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmp.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmpdxm.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmsgapi.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMSPDMOE.DLL Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVCORE.DLL Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMVDECOD.DLL Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WordBreakers.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkFolders.exe Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkfoldersControl.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WorkFoldersShell.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\workfolderssvc.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wosc.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64cpu.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wow64win.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wowreg32.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wpc.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcApi.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcDesktopMonSvc.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcMon.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcProxyStubs.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcRefreshTask.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcTok.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpcWebFilter.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnapps.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnclient.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpncore.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnprv.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpr.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ws2_32.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsecedit.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshbth.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wshext.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wship6.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSHTCPIP.DLL Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsl.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wslconfig.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAgent.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSManHTTPConfig.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSManMigrationPlugin.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmAuto.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsmplpxy.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsmprovhost.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmRes.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmSvc.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmWmiPl.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_fs.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_health.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsqmcons.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wtsapi32.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapi.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuauclt.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuaueng.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuceffects.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WUDFx02000.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wudriver.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups2.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhext.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhosdeployment.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wvc.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWAHost.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWanAPI.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanmm.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwanprotdim.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WwanRadioManager.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XamlTileRender.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XblAuthManager.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XboxGipRadioManager.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XboxNetApiSvc.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xmllite.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\XpsPrint.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\xpsservices.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AdvancedInstallers\cmiv2.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppV\AppVStreamingUX.exe Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ar-SA\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.efi Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Com\comadmin.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\de-DE\comdlg32.dll.mui Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.Packaging.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Proxy.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\KernelTraceControl.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\AppxProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\AssocProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\CbsProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DismCore.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DismProv.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\DmiProvider.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\FfuProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\FolderProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\GenericProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ImagingProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\IntlProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\MsiProvider.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\OfflineSetupProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\OSProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\ProvProvider.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SetupPlatformProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SmiProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SysprepProvider.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\TransmogProvider.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\UnattendProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\VhdProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\WimProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\afunix.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\agilevpn.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\appid.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\applockerfltr.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bindflt.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cldflt.sys Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ClipSp.sys Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\csc.sys Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\hvservice.sys Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\IndirectKmd.sys Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\KNetPwrDepBroker.sys Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\MbbCx.sys Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mmcss.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msgpioclx.sys Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msquic.sys Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\NdisImPlatform.sys Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\NetAdapterCx.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nwifi.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\PEAuth.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\PktMon.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rassstp.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\scfilter.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srvnet.sys Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tbs.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UcmUcsiCx.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\vfpext.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdiWiFi.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wimmount.sys Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\tcpip.sys.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ru-RU\tcpip.sys.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\uk-UA\tcpip.sys.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\IddCx.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\el-GR\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\appraiser.dll.mui Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppReadiness.dll.mui Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppXDeploymentServer.dll.mui Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AxInstSv.dll.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AxInstUI.exe.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\bootux.dll.mui Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\CustomInstallExec.exe.mui Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\diagtrack.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dmenterprisediagnostics.dll.mui Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\fcon.dll.mui Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\FirewallAPI.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\HostNetSvc.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ieframe.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\kernel32.dll.mui Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\KernelBase.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\microsoft-windows-system-events.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\msacm32.drv.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusUpdateHandlers.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\netmsg.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\PktMon.exe.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\remotefxvgpudisablement.resources.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\SecurityHealthAgent.dll.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ShareHost.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\shell32.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\smbwmiv2.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\tzres.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\umrdp.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\UpdatePolicy.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\utcutil.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\vmsmb.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\vmwpevents.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wbiosrvc.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Windows.System.Launcher.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\Wpc.dll.mui Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\WpcMon.exe.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\wsecedit.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\es-MX\comdlg32.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12AppFrame.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\F12AppFrame2.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\IEChooser.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\F12\perfcore.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\imjpcus.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\IMJPTIP.DLL Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEKR\imkrapi.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMETIP.DLL Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\SHARED\IMJKAPI.DLL Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\LxssManager.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\LxssManagerProxyStub.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lxss\wslhost.exe Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppManMigrationPlugin.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppxUpgradeMigrationPlugin.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\dafmigplugin.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\msctfmig.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\pnpmig.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\shmig.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\sppmig.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\SxsMigPlugin.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\TileStoreMigrationPlugin.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WMIMigrationPlugin.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WpcMigration.Uplevel.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WSearchMigPlugin.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WsUpgrade.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\cmi2migxml.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\csiagent.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migcore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\mighost.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migres.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migstore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\MXEAgent.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\unbcl.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\chxmig.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\msctfmig.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\WMIMigrationPlugin.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\capi2_certs-repl.man Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\edpnotify-replacement.man Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\fveapi-replacement.man Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-Mup\MupMigPlugin.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-RasApi-Mig\pbkmigr.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-RasServer-MigPlugin\RasMigPlugin.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\microsoft-windows-shmig\shmig.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-TextServicesFramework-Migration\msctfmig.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nl-NL\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\audit.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\AuditShD.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\cmisetup.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\diagER.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\diagnostic.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobe.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobedui.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobeFirstLogonAnim.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\msoobeplugins.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\oobecoreadapters.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\oobeldr.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\pnpibs.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\Setup.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\SetupCleanupTask.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\spprgrss.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\unbcl.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\UserOOBE.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\UserOOBEBroker.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\W32UIImg.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\W32UIRes.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\wdsutil.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\win32ui.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\windeploy.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:22 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\WinLGDep.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\winsetup.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\en-US\OOBE_HELP_Opt_in_Details.htm Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\en-US\OOBE_HELP_Opt_in_Details.rtf Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\en-US\oobecoreadapters.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\OOBE_HELP_Opt_in_Details.htm Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\OOBE_HELP_Opt_in_Details.rtf Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\ru-RU\oobecoreadapters.dll.mui Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\uk-UA\OOBE_HELP_Opt_in_Details.htm Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\uk-UA\OOBE_HELP_Opt_in_Details.rtf Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\uk-UA\oobecoreadapters.dll.mui Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationInput.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationInput.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pl-PL\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pt-PT\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ro-RO\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\appraiser.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppReadiness.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AppXDeploymentServer.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AxInstSv.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\AxInstUI.exe.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\bootux.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\CustomInstallExec.exe.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\diagtrack.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\dmenterprisediagnostics.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\fcon.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FirewallAPI.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\FXSRESM.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpresult.exe.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\gpupdate.exe.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\HostNetSvc.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ieframe.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\kernel32.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\KernelBase.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\microsoft-windows-system-events.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\MusUpdateHandlers.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\netmsg.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\PktMon.exe.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\remotefxvgpudisablement.resources.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\SecurityHealthAgent.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\ShareHost.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\shell32.dll.mui Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\smbwmiv2.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\spwizres.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\tzres.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\umrdp.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\UpdatePolicy.dll.mui Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\utcutil.dll.mui Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmsmb.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\vmwpevents.dll.mui Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wbiosrvc.dll.mui Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.Media.Speech.UXRes.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Windows.System.Launcher.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\Wpc.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\WpcMon.exe.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ru-RU\wsecedit.dll.mui Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setup\RasMigPlugin.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShellExperiences\WindowsInternal.Xaml.Controls.Tabs.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Common\sapi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\TTS\MSTTSEngine.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\sapi_extensions.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\sapi_onecore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechBrokeredApi.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\SpeechServiceWinRTApi.ProxyStub.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\Windows.Speech.Dictation.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\Windows.Speech.Shell.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\prtprocs\x64\winprint.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\PrintBrm.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\PrintBrmEngine.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spool\tools\PrintBrmPs.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-pl-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-phn-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\DefaultPpd-csvlk-pack-ppdlic.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\DefaultPpd-Education-ppdlic.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-ppdlic.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\DefaultPpd-Enterprise-ppdlic.xrm-ms Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-ppdlic.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\DefaultPpd-IoTEnterprise-ppdlic.xrm-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\IoTEnterprise\IoTEnterprise-ppdlic.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\DefaultPpd-Professional-ppdlic.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-ppdlic.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-pl-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-pl-rtm.xrm-ms Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-phn-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-store-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\DefaultPpd-ProfessionalCountrySpecific-ppdlic.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-ppdlic.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-Retail-1-pl.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-Retail-1-ul-oob.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-Retail-1-ul-phn.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalCountrySpecific\ProfessionalCountrySpecific-Retail-1-ul-store.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\DefaultPpd-ProfessionalEducation-ppdlic.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-ppdlic.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Retail-1-pl-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalEducation\ProfessionalEducation-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\DefaultPpd-ProfessionalSingleLanguage-ppdlic.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-ppdlic.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-Retail-1-pl.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-Retail-1-ul-oob.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-Retail-1-ul-phn.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalSingleLanguage\ProfessionalSingleLanguage-Retail-1-ul-store.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\DefaultPpd-ProfessionalWorkstation-ppdlic.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-ppdlic.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-pl-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\DefaultPpd-ServerRdsh-ppdlic.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-pl.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-oob.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-phn.xrm-ms Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-NONSLP-1-ul-store.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-SLP-1-ul-oob.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-OEM-SLP-1-ul.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-ppdlic.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-pl.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-oob.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-phn.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Retail-1-ul-store.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-2-ul-oob.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-GVLK-2-ul.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-pl.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-oob.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-phn.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ServerRdsh\ServerRdsh-Volume-MAK-1-ul-store.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Sysprep\sysprep.exe Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemResetPlatform\RjvClassicApp.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\AppXDeploymentServer.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\bootux.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\CustomInstallExec.exe.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\diagtrack.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\FirewallAPI.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\FXSRESM.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\ieframe.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\MusUpdateHandlers.dll.mui Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\SecurityHealthAgent.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\ShareHost.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\shell32.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\smbwmiv2.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\spwizres.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\tzres.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\umrdp.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\UpdatePolicy.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\utcutil.dll.mui Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\Windows.System.Launcher.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\Wpc.dll.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\WpcMon.exe.mui Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\cimwin32.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv.mof Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\DMWmiBridgeProv1.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\esscli.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\fastprox.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\Microsoft.Uev.AgentWmi.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\mofcomp.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\mofd.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NCProv.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ndisimplatcim.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\netswitchteamcim.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\smbwmiv2.mof Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\unsecapp.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemcore.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemprox.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemsvc.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WinMgmt.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WinMgmtR.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMIADAP.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApRes.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApRpl.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiApSrv.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMICOOKR.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiDcPrv.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSD.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WmiPrvSE.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\WMIsvc.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wmiutils.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceBootstrapAdapter.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\winbiostorageadapter.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\HelloFace.cat Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\HelloFace.inf Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceDetectorResources.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceProcessor.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceProcessorCore.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapter.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResources_v4.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResourcesCore.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionEngineAdapterResourcesSecure.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapter.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterResources.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterVsm.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceRecognitionSensorAdapterVsmSecure.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\FaceTrackerInternal.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinBioPlugIns\FaceDriver\amd64\HelloFace.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbComponent.cdxml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1 Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.AI.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Data.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Devices.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Gaming.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Globalization.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Graphics.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Management.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Media.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Networking.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Perception.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Security.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Services.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Storage.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.System.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.UI.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.UI.Xaml.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WinMetadata\Windows.Web.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-TW\fms.dll.mui Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.winmd Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.winmd Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlUI.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\resources.pri Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\resources.pri Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentUI.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\resources.pri Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\Fonts\BioMDL2.ttf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\ecsystem.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\GazeInputInternal.winmd Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\GazeInteraction.winmd Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\resources.pri Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\resources.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Cortana.ObjectModel.winmd Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\NewTabPageHost.ObjectModel.winmd Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\resources.pri Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\appxmanifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\resources.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\App.xbf Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\iotassignedaccesslockframework.winmd Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\MainPage.xbf Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\resources.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellAppPresenters.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\resources.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\WindowsInternal.Shell.Experiences.Calling.winmd Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\WindowsInternal.Shell.Experiences.CallingShellAppControls.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\resources.pri Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AntiTheft.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\ApplicationTheme.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudDomainJoin.DataModel.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\cloudexperiencehostapi.provisioning.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostAPI.SyncSettings.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostAPI.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Account.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Cortana.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.Hello.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.LocalNgc.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.RetailDemo.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\CloudExperienceHostBroker.SyncEngine.winmd Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\ContentManagement.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\enterprisedevicemanagement.enrollment.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\enterprisedevicemanagement.service.winmd Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Family.Cache.winmd Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\microsoft.resourceaccountmanager.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.Extension.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.winmd Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.UserOperations.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\moderndeployment.autopilot.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo.Internal.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\SystemSettings.DataModel.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\UnifiedEnrollment.DataModel.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\userdeviceregistration.ngc.winmd Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\js\oobe-chrome-footer-vm.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\js\appLaunchers\ScoobeAccountState.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\oobeSections.json Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\navigation-scoobe.json Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\navigation.json Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\uriRules.json Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\environment.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\navigator.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\navmesh.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\syncengine.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\pris\resources.uk-UA.pri Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilotwhiteglovelanding-vm.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobelocalaccount-page.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobelocalaccount-vm.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningprogress-vm.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningstatus-page.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\oobeprovisioningstatus-vm.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\accountsetupcategoryviewmodel.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\bootstrapsessiongeneralutilities.js Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\devicepreparationcategoryviewmodel.js Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\devicesetupcategoryviewmodel.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\js\autopilot\mdmbootstrapsessionutilities.js Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobelocalaccount-main.html Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\resources.pri Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\resources.pri Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\App.xbf Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\ConfirmCloseContentDialog.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\MainPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorHomePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\OnlinePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\QuickStartOfflinePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\TileButton.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\WhatsNewOfflinePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\resources.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\BingConfigurationClient.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Cortana.Internal.Search.winmd Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Cortana.Search.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\resources.pri Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Search.Core.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.CppWinrt.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApi.ProxyStub.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\resources.pri Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIAppShell.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\pris\resources.uk-UA.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ActivationErrorDialog.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AddressBoxControl.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\App.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AssessmentPage.xbf Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ErrorPage.xbf Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\InformationalAlert.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LockdownDialog.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\NavigationLandingPage.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\NetworkConnectivityErrorPage.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\ProgressPage.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SchemaActivationEmptyPage.xbf Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessment_JSBridge.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessment_JSBridge.winmd Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartUI.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\resources.pri Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\App.xbf Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\GamingTcuiHelpers.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\GamingUI.XboxLive.InternalHelpers.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\MainPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\StyleDictionary.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.Resource.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.Shell.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.Tracing.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XboxExperienceServices.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Control\ErrorStatePane.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Control\GameProgress\GameProgressStatItem.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Control\GameProgress\GameProgressView.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Control\ProgressRing\ProgressRing.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Fonts\Icons.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\ConflictResolutionPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\ConnectedStorageHomePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\LockContentionPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\StopOrKeepSyncingPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\SyncFailurePage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\ConnectedStorage\SyncProgressPage.xbf Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Pages\DebugDashboard\DebugDashboard.xbf Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Resources\Colors_Dark.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Resources\Colors_HighContrast.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Resources\Colors_Light.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Resources\Resources.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Resources\Styles.xbf Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Themes\Generic.xbf Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LayoutData.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\resources.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping.winmd Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SuggestionUI.winmd Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInput.winmd Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputCommon.winmd Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppxMetadata\CodeIntegrity.cat Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\LayoutData.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\SuggestionUI.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInput.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputCommon.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\IrisService\IrisService.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClipping.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\windowsudk.winmd Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpBackgroundTasks.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpBackgroundTasks.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\resources.pri Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\resources.pri Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\pris\resources.en-US.pri Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\pris\resources.ru-RU.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\pris\resources.uk-UA.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ImeStatusNotification.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\InputDial.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Insights.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\PenWorkspace.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SharePickerUI.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\VirtualTouchpadUI.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.SoftLanding.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxblockmap.xml Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxmanifest.xml Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\appxsignature.p7x Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\authui.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Chakra.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\comdlg32.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\compstui.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\crypt32.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\cryptui.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\DataExchange.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\directml.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\dwmcore.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\EaseOfAccessDialog.exe.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\edgehtml.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\edputil.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ExplorerFrame.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\gpedit.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ieframe.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\intl.cpl.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\LaunchTM.exe.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mfplat.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msctf.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mshtml.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mssvp.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\mstscax.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msutb.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\msxml3.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\netshell.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\notepad.exe.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ntshrui.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\propsys.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasdlg.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasgcw.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rasplap.dll.mun Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\rastls.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\SearchIndexer.exe.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\sethc.exe.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\shell32.dll.mun Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\sppcomapi.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Taskmgr.exe.mun Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\tquery.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\twinui.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.Pdf.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Immersive.dll.mun Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Winlangdb.dll.mun Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wsecedit.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\wuapi.dll.mun Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\Microsoft.Windows.SecHealthUI.pri Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\Microsoft.Windows.SecHealthUI.en-US.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\Microsoft.Windows.SecHealthUI.ru-RU.pri Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\Microsoft.Windows.SecHealthUI.uk-UA.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ApplicationModel.LockScreen\Windows.ApplicationModel.LockScreen.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Windows.ParentalControlsSettings.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-100.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-100_contrast-black.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-100_contrast-white.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-125.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-125_contrast-black.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-125_contrast-white.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-150.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-150_contrast-black.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-150_contrast-white.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-200.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-200_contrast-black.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-200_contrast-white.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-400.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-400_contrast-black.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-400_contrast-white.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.PCShell\Windows.UI.PCShell.pri Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.en-US.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.ru-RU.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\pris\Windows.UI.SettingsAppThreshold.uk-UA.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\Windows.UI.SettingsHandlers-nt.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\pris\Windows.UI.SettingsHandlers-nt.en-US.pri Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\pris\Windows.UI.SettingsHandlers-nt.ru-RU.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsHandlers-nt\pris\Windows.UI.SettingsHandlers-nt.uk-UA.pri Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\Windows.UI.ShellCommon.pri Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.en-US.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.ru-RU.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\pris\Windows.UI.ShellCommon.uk-UA.pri Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\StartUI\Assets\officehub150x150.png Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\StartUI\Assets\officehub71x71.png Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\StartUI\Assets\onenote150x150.png Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\StartUI\Assets\onenote71x71.png Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aadWamExtension.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AarSvc.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AboveLockAppHost.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\accessibilitycpl.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcGenral.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcSpecfc.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActionCenterCPL.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActivationManager.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\activeds.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\activeds.tlb Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ActiveSyncProvider.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\actxprxy.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\acwow64.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdmTmpl.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\adsldpc.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\advapi32.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aepic.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\agentactivationruntime.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\agentactivationruntimewindows.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\amsi.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppContracts.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppExtension.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apphelp.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appidapi.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appidtel.exe Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppLockerCSP.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appmgmts.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppointmentActivation.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppResolver.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVClientPS.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVEntSubsystems32.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVSentinel.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVTerminator.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\appwiz.cpl Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxAllUserStore.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppXDeploymentClient.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxSip.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AssignedAccessRuntime.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atl.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atlthunk.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\atmlib.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioEng.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AUDIOKSE.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioSes.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\auditpol.exe Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\auditpolcore.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authui.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\authz.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\autoplay.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\avrt.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\azroles.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\backgroundTaskHost.exe Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BCP47Langs.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BCP47mrm.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcrypt.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcryptprimitives.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BingMaps.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BioCredProv.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BitLockerCsp.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\biwinrt.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BluetoothApis.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BTAGService.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bthprops.cpl Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cabinet.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CameraCaptureUI.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\capauthz.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\catsrv.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdosys.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdp.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdprt.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\certca.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertEnroll.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CertEnrollCtrl.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cfgbkend.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cfgmgr32.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakra.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakradiag.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakrathunk.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cic.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clbcatq.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Clipc.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CloudExperienceHostCommon.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CloudExperienceHostUser.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clusapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmd.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmdial32.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmintegrator.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\colbact.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coloradapterclient.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\combase.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comctl32.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comdlg32.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coml2.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CompPkgSup.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\compstui.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\comsvcs.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ConsoleLogon.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\container.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\control.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\coreglobconfig.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreMessaging.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreShellAPI.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CoreUIComponents.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CPFilters.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredProvDataModel.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovs.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credui.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\crypt32.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptbase.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptdll.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptext.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptnet.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptngc.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CryptoWinRT.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptsp.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptui.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscapi.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscdll.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d2d1.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d10warp.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d11.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3D12.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d8thk.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d9.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3DCompiler_47.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3DSCache.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DafPrintProvider.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DataExchange.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\davclnt.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\davhlpr.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\daxexec.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbgcore.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dbghelp.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dciman32.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dcomp.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DevDispItemProvider.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devenum.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DeviceReactivation.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devobj.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\devrtl.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore6.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcsvc6.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DiagnosticInvoker.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dialclient.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\directmanipulation.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\directml.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\diskperf.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DismApi.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dllhost.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmcfgutils.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmcmnutils.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmenrollengine.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmiso8601utils.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dnsapi.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DolbyDecMFT.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3api.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dot3msm.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dpapi.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drprov.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvsetup.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvstore.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsparse.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsreg.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsregtask.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsrole.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dsui.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dtdump.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dui70.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\duser.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dusmapi.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dwmapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWrite.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWWIN.EXE Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DXCore.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxdiagn.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxgi.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DxpTaskSync.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxtrans.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapp3hst.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappcfg.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappgnui.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapphost.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eappprxy.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\eapprovp.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EaseOfAccessDialog.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\easwrt.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgehtml.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgeIso.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EdgeManager.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditBufferTestHook.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditionUpgradeHelper.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edpnotify.exe Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edputil.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\efswrt.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\enrollmentapi.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\enterpriseresourcemanager.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:23 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ErrorDetails.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\es.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EsdSip.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\esent.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\evr.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExecModelClient.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\execmodelproxy.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\explorer.exe Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ExplorerFrame.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Faultrep.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdSSDP.dll Handle ID: 0xe4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fdWSD.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fidocredprov.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\findnetprinters.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FirewallAPI.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FirewallControlPanel.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fixmapi.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FlightSettings.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fltLib.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fltMC.exe Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontdrvhost.exe Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontext.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontsub.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\framedynos.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FrameServerClient.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapi.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapibase.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwbase.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fwpolicyiomgr.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FWPUCLNT.DLL Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FXSCOMEX.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GameInput.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32full.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GdiPlus.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Geolocation.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\glmf32.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\globinputhost.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\glu32.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpapi.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpedit.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpprefcl.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpscript.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpscript.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gpupdate.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GraphicsCapture.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hgcpl.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hid.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HoloShellRuntime.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HrtfApo.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\httpapi.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\HvsiManagementApi.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasads.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasnap.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iasrecst.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iassdo.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\icm32.dll Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieapfltr.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieframe.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iemigplugin.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieproxy.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iertutil.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imagehlp.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi2.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imapi2fs.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\imm32.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IndexedDbLegacy.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InkEd.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InkObjCore.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputHost.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputSwitch.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallService.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallServiceTasks.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\instnm.exe Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\intl.cpl Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IPHLPAPI.DLL Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iprtprio.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iprtrmgr.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iri.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9diag.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jsproxy.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd101.DLL Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd106.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kbd106n.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KBDJPN.DLL Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KBDUS.DLL Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kerberos.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel.appcore.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel32.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KernelBase.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\keyiso.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ktmw32.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LanguageOverlayUtil.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LaunchTM.exe Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LaunchWinApp.exe Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicenseManager.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicenseManagerApi.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicensingWinRT.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\linkinfo.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LocationApi.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockAppBroker.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\logman.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\logoncli.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\lpk.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mapi32.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mapistub.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapRouter.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mavinject.exe Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApiPublic.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmlocalmanagement.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmregistration.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf3216.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfasfsrcsnk.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFCaptureEngine.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfcore.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfds.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFMediaEngine.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmjpegdec.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmp4srcsnk.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfnetcore.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfnetsrc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfplat.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsensorgroup.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsvr.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mi.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\midimap.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migisol.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MiracastReceiver.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MiracastReceiverExt.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MitigationConfiguration.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\miutils.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mlang.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmc.exe Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmcndmgr.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MMDevAPI.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mobilenetworking.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MP4SDECD.DLL Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mpg2splt.ax Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mpr.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprdim.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MrmCoreR.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msaatext.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msacm32.drv Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msasn1.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSAudDecMFT.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msauserext.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mscms.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctf.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsCtfMonitor.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctfp.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msftedit.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.tlb Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtmled.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msi.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msidcrl40.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msimg32.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msimsg.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msisip.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msIso.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msjet40.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mskeyprotcli.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mskeyprotect.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msmpeg2vdec.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msrd3x40.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msscntrs.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssitlb.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssph.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssprxy.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssrch.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssvp.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstext40.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstsc.exe Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstscax.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msutb.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msv1_0.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcp110_win.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcp_win.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcrt.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVidCtl.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvproc.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSWB7.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswmdm.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswsock.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxbde40.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3r.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6r.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MuiUnattend.exe Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NapiNSP.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncobjapi.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncpa.cpl Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncrypt.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptprov.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptsslp.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ndadmin.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\net1.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netapi32.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netcenter.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetDriverInstall.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netiougc.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netlogon.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netprofm.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupApi.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupEngine.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netshell.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netutils.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\newdev.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\newdev.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ninput.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlaapi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlmproxy.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nlmsprep.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\normaliz.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\npmproxy.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NPSM.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshwfp.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntasn1.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdsapi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntlanman.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntmarta.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntshrui.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntvdm64.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\odbcconf.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oemlicense.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offlinesam.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ole32.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacc.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleacchooks.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleaut32.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleprn.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\omadmapi.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneCoreCommonProxyStub.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OpcServices.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\opengl32.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OpenWith.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pcacli.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pcaui.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PCPKsp.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PCShellCommonProxyStub.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pdh.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeerDist.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfctrs.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfdisk.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfnet.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfos.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfproc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhotoMetadataHandler.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PhotoScreensaver.scr Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PickerPlatform.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pku2u.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToManager.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pnrpnsp.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\policymanager.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\powercpl.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\powrprof.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Print.Workflow.Source.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\printui.exe Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintWorkflowProxy.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintWorkflowService.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PrintWSDAHost.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\prnntfy.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\profapi.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\profext.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\propsys.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\provmigrate.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\psapi.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\psisdecd.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiapi.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\puiobj.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\qdvd.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\qedit.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\quartz.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RADCUI.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasapi32.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\raschap.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasdlg.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasgcw.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasman.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasplap.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastls.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpencom.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpserverbase.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpsharercom.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpviewerax.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgocl32.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgogl32.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgu1132.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdvgumd32.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ReAgent.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ReAgentc.exe Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\regapi.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\relog.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\remoteaudioendpoint.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ResourcePolicyClient.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\resutils.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rmclient.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rpcrt4.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rsaenh.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rtm.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RTMediaFrame.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rtutils.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RTWorkQ.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\samcli.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\samlib.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scecli.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scesrv.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schannel.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\scrptadm.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sdbinst.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchFilterHost.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchIndexer.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchProtocolHost.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sechost.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\secur32.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SecurityCenterBrokerPS.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SensorsApi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sethc.exe Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncCore.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup16.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupapi.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupcl.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupcln.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupugc.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sfc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sfc_os.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShareHost.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SHCore.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shell32.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShellCommonCommonProxyStub.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shimeng.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shlwapi.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\slc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\slcext.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\smartscreenps.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SpatializerApo.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spbcd.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spinf.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spopk.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppc.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppcext.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppcomapi.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spwizeng.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmclient.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srmscan.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srpapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srvcli.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StateRepository.Core.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StructuredQuery.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sud.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\svchost.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sxs.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sxstrace.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncCenter.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SyncSettings.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\syncutil.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\systemcpl.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemSettings.DataModel.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SystemUWPLauncher.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tapi3.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tapi32.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tapisrv.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskcomp.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Taskmgr.exe Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskschd.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tbauth.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tbs.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdc.ocx Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdh.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\termmgr.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextInputFramework.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextInputMethodFormatter.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TextShaping.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\themecpl.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\threadpoolwinrt.dll Handle ID: 0x118 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\thumbcache.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TileDataRepository.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tokenbinding.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBroker.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBrokerCookies.exe Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TpmCertResources.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TpmCoreProvisioning.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tquery.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tracerpt.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tsgqec.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tsmf.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.appcore.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.appcore.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\typeperf.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tzres.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ucrtbase.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\udhisapi.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UiaManager.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAnimation.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UIAutomationCore.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\umpdc.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\unenrollhook.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\updatepolicy.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnpcont.exe Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\upnphost.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\urlmon.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\user.exe Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\user32.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserAccountControlSettings.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\useractivitybroker.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usercpl.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataTimeUtil.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDeviceRegistration.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\userenv.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usermgrcli.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserMgrProxy.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usoapi.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usp10.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Utilman.exe Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uxlib.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uxtheme.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\VAN.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Vault.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vaultcli.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vbscript.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\version.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\virtdisk.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vssapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vsstrace.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\w32topl.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wavemsp.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbemcomn.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wcmapi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wdigest.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wdscore.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WebcamUi.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webio.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webplatstorageserver.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webservices.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Websocket.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wer.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\werdiagcontroller.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerEnc.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\weretw.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFault.exe Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFaultSecure.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wermgr.exe Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\werui.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wevtapi.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wfapigp.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wfdprov.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wiaaut.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wimgapi.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32k.sys Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32kfull.sys Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32u.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wincorlib.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowManagementAPI.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AccountsControl.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.applicationmodel.datatransfer.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Data.Pdf.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Lights.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Midi.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Perception.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Picker.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SmartCards.Phone.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Usb.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Energy.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.FileExplorer.Common.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.Input.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Gaming.Preview.dll Handle ID: 0x110 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Devices.Sensors.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Management.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.SecurityMitigationsBroker.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.internal.shellcommon.AccountsControlExperience.dll Handle ID: 0xdc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Management.Workplace.dll Handle ID: 0x128 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Audio.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Devices.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Import.dll Handle ID: 0xc4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Ocr.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Speech.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Mirage.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Mirage.Internal.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.HostName.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.ESim.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Vpn.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Payments.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Perception.Stub.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Shell.ServiceHostBuilder.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepository.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll Handle ID: 0x11c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll Handle ID: 0xa0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.storage.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.Search.dll Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Diagnostics.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Launcher.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.RetailInfo.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.System.Profile.SystemId.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.FileExplorer.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Immersive.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll Handle ID: 0xa8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Search.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.Controls.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.dll Handle ID: 0xd4 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.Http.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecs.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsExt.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsCodecsRaw.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windowslivelogin.dll Handle ID: 0xc0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winhttp.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininet.dll Handle ID: 0x12c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininitext.dll Handle ID: 0x10c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Winlangdb.dll Handle ID: 0xe0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winmm.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winrnr.dll Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winsku.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winspool.drv Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winsta.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wintrust.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinTypes.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wkscli.dll Handle ID: 0xf0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wkspbrokerAx.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanapi.dll Handle ID: 0xc8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlancfg.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WLanConn.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlangpui.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanhlp.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WlanMM.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanui.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wldap32.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wldp.dll Handle ID: 0xcc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlgpclnt.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidcli.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidcredprov.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidfdp.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidnsp.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlidprov.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOD.DLL Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOE.DLL Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmiclnt.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmidcom.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmidx.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMNetMgr.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmp.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmpdxm.dll Handle ID: 0x88 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wmsgapi.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMSPDMOE.DLL Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVCORE.DLL Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMVDECOD.DLL Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WordBreakers.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wow32.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wowreg32.exe Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wpc.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WpcWebFilter.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnapps.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnclient.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ws2_32.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsecedit.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wshbth.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wship6.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSHTCPIP.DLL Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAgent.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSManHTTPConfig.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WSManMigrationPlugin.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmAuto.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsmplpxy.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsmprovhost.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmRes.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmSvc.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmWmiPl.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_fs.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_health.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wtsapi32.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapi.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuceffects.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wudriver.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wups.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wvc.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWAHost.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWanAPI.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wwapi.dll Handle ID: 0x114 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\xmllite.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\XpsPrint.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AdvancedInstallers\cmiv2.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Com\comadmin.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\AppxProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\AssocProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\CbsProvider.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismCore.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismHost.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DismProv.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\DmiProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\FfuProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\FolderProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\GenericProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ImagingProvider.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\IntlProvider.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\LogProvider.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\MsiProvider.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\OfflineSetupProvider.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\OSProvider.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\ProvProvider.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SetupPlatformProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SmiProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SysprepProvider.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\TransmogProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\UnattendProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\VhdProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\WimProvider.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drivers\afunix.sys Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12AppFrame.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\F12AppFrame2.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\F12\IEChooser.exe Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPAPI.DLL Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\imjpcus.dll Handle ID: 0x124 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\IMJPTIP.DLL Handle ID: 0x80 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEKR\imkrapi.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMETIP.DLL Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\SHARED\IMJKAPI.DLL Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\lxss\LxssManagerProxyStub.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\msctfmig.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\shmig.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\sppmig.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\SxsMigPlugin.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WMIMigrationPlugin.dll Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WpcMigration.Uplevel.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WSearchMigPlugin.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WsUpgrade.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migwiz\unbcl.dll Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\cmisetup.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\SetupCleanupTask.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setup\RasMigPlugin.dll Handle ID: 0xbc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Common\sapi.dll Handle ID: 0x104 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\TTS\MSTTSEngine.dll Handle ID: 0xb8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\sapi_onecore.dll Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\SpeechModelDownload.exe Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\Windows.Speech.Dictation.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Common\Windows.Speech.Shell.dll Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\MSTTSEngine_OneCore.dll Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0xe8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-pl-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-oob-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-phn-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-store-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x134 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-pl-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-oob-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-phn-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-store-rtm.xrm-ms Handle ID: 0xb0 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\DefaultPpd-csvlk-pack-ppdlic.xrm-ms Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\esscli.dll Handle ID: 0xd8 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\fastprox.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\Microsoft.Uev.AgentWmi.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\mofcomp.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\mofd.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wbemprox.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wbemsvc.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WMIADAP.exe Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WMICOOKR.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiDcPrv.dll Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wbem\wmiutils.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\SmbComponent.cdxml Handle ID: 0x7c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1 Handle ID: 0x8c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.AI.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.ApplicationModel.winmd Handle ID: 0x9c Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Data.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Devices.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Foundation.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Gaming.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Globalization.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Graphics.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Management.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Media.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Networking.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Perception.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Security.winmd Handle ID: 0x108 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Services.winmd Handle ID: 0x130 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Storage.winmd Handle ID: 0x84 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.System.winmd Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.UI.winmd Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.UI.Xaml.winmd Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WinMetadata\Windows.Web.winmd Handle ID: 0xfc Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\14a3f9e824793931d34f7f786a538bbc9ef1f0d6.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\20bbcadaff3e0543ef358ba4dd8b74bfe8e747c8.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\2213703c9c64cc61ba900531652e23c84728d2a2.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\315818c03ccc2b10070df2d4ebd09eb6c4c66e58.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\ceb497ee0184aaa4681d2fb2ef242a5b8551eea8.xml Handle ID: 0x64 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-30 05:04:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsSense.exe Handle ID: 0x188 Process Information: Process ID: 0xcd0 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;OICISAFA;0x10d0000;;;WD)
|
| | Security | Audit Success | 103 | 2020-10-30 05:04:49 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b4 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2cc New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x310 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-10-30 05:05:12 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:15 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3e0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x310 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfdda Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x554 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfe33 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x554 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x554 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178cc Linked Logon ID: 0x178f3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x554 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178f3 Linked Logon ID: 0x178cc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x554 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178cc Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178f3 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a0 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a8 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x310 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4b0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4a0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4f0 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x500 New Process Name: ???????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x50c New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4a8 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x554 New Process Name: ????????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4a0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-10-30 05:05:17 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfbfe
|
| | Security | Audit Success | 12292 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xef8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xef8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1048 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 05:05:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1048 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-10-30 05:05:19 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:05:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:05:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x25f256 Linked Logon ID: 0x25f7bd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x25f7bd Linked Logon ID: 0x25f256 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x25f256 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:06:56 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-30 05:06:57 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x9a8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Process Information: Process ID: 1380 Process Creation Time: 2020-10-30T03:06:58.5908775Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Process Information: Process ID: 1380 Process Creation Time: 2020-10-30T03:06:58.5908775Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7992 Process Creation Time: 2020-10-30T03:06:59.2551477Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7992 Process Creation Time: 2020-10-30T03:06:59.2551477Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:06:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x710 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12290 | 2020-10-30 05:07:01 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:01 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2552 Process Creation Time: 2020-10-30T03:06:59.4372513Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:01 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2552 Process Creation Time: 2020-10-30T03:06:59.4372513Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2552 Process Creation Time: 2020-10-30T03:06:59.4372513Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2552 Process Creation Time: 2020-10-30T03:06:59.4372513Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 2552 Process Creation Time: 2020-10-30T03:06:59.4372513Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x298162 Linked Logon ID: 0x29819b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x29819b Linked Logon ID: 0x298162 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x50c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x298944 Linked Logon ID: 0x2989a7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x50c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x2989a7 Linked Logon ID: 0x298944 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x50c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x2989a7 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x29819b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x298162 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x298944 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x298162 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x298944 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:02 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2760 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 05:07:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2760 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:30 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:07:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:07:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:07:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-10-30 05:07:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7992 Process Creation Time: 2020-10-30T03:06:59.2551477Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 05:07:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7992 Process Creation Time: 2020-10-30T03:06:59.2551477Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:08:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:09:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 05:10:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 05:10:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x25f7bd This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa18 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 05:11:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2720 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-10-30 05:11:04 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b8 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2cc New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-10-30 22:43:13 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3e0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x55c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfd44 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x55c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfd5f Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f0 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4e8 New Process Name: ??????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4f0 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4f8 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4e8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x540 New Process Name: ????????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f0 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x55c New Process Name: ????????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4e8 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x57c New Process Name: ???????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f0 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x584 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f0 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-10-30 22:43:20 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfb3e
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x55c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17d45 Linked Logon ID: 0x17d7a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x55c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17d7a Linked Logon ID: 0x17d45 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x55c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17d45 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17d7a Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd4c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd4c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x764 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x130c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x130c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d133 Linked Logon ID: 0x7d16a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d16a Linked Logon ID: 0x7d133 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d619 Linked Logon ID: 0x7d64e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d64e Linked Logon ID: 0x7d619 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d64e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d619 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d133 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7d619 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Process Information: Process ID: 8136 Process Creation Time: 2020-10-30T20:43:44.8805174Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Process Information: Process ID: 8136 Process Creation Time: 2020-10-30T20:43:44.8805174Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8624 Process Creation Time: 2020-10-30T20:43:45.3147323Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8624 Process Creation Time: 2020-10-30T20:43:45.3147323Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2370 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 22:43:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2370 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:57 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:43:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:02 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:44:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x319c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14c22d Linked Logon ID: 0x14c273 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14c273 Linked Logon ID: 0x14c22d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14d3ba Linked Logon ID: 0x14d45b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14d45b Linked Logon ID: 0x14d3ba Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x14d45b Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x14c273 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x14d3ba Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x14c22d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14c22d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x14d3ba Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:33 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:45:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:45:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:45:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:46:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:46:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:46:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 22:46:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:46:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 22:46:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:35 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:46:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd2c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:47:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:48:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd2c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:49:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:49:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:49:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:52:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:53:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 22:55:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 22:55:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:55:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:57:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 22:58:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:08:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12292 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x2945de Linked Logon ID: 0x294623 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x294623 Linked Logon ID: 0x2945de Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x2958b7 Linked Logon ID: 0x295979 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x295979 Linked Logon ID: 0x2958b7 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x295979 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x2958b7 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x294623 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x2945de Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x2945de Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x2958b7 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:39 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:08:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:09:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:10:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:10:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:10:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 23:10:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:10:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:12:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:14:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:15:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:15:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 23:15:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:15:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8624 Process Creation Time: 2020-10-30T20:43:45.3147323Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8624 Process Creation Time: 2020-10-30T20:43:45.3147323Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-30 23:15:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:15:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:16:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:32 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:17:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:17:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:17:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:19:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:19:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:24 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:19:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:21:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:21:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:21:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:22:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:24:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:25:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2fdc Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:31:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 6932 Process Creation Time: 2020-10-30T20:43:22.6083826Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x477740 Linked Logon ID: 0x477787 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x477787 Linked Logon ID: 0x477740 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x478de2 Linked Logon ID: 0x478ef0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x478ef0 Linked Logon ID: 0x478de2 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x584 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x478ef0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x477787 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x478de2 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x477740 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x477740 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x478de2 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:30 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:31:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2514 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:31:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:31:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:32:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:33:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:33:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:22 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:33:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:35:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:36:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:38:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:39:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:39:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:39:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:40:48 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:41:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:41:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:41:35 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:42:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:43:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:43:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:43:53 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:44:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-30 23:44:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:44:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-30 23:44:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:33 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:44:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x938 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:45:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:46:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:47:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:49:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:50:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:51:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:51:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:51:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:52:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:53:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:55:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:56:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:58:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-30 23:59:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:59:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-30 23:59:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-30 23:59:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12545 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7d16a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x814 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-30 23:59:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x22f4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-10-30 23:59:19 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b0 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2c8 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-10-31 01:53:33 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3f0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x49c Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfaa9 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x49c Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfadf Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17a08 Linked Logon ID: 0x17a35 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17a35 Linked Logon ID: 0x17a08 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x548 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17a08 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17a35 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x494 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x49c New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a4 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x494 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4e4 New Process Name: ????????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x49c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4f8 New Process Name: ???????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x49c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x500 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x49c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x548 New Process Name: ????????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x494 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:39 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xf8b1
|
| | Security | Audit Success | 12292 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6fc Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xec0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xec0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x12f0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x12f0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:48 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:53:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:50 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xd2023
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:50 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x1d98 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xd2023
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x5a8 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x540 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x3b0 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_8c225bc560faa67e.cdf-ms Handle ID: 0x5b0 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_d3c2d4757cf0b9a3.cdf-ms Handle ID: 0x5f0 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 01:53:51 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_default_44e57bb5c1e3d0e8.cdf-ms Handle ID: 0x5a8 Process Information: Process ID: 0x1274 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 12290 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7104 Process Creation Time: 2020-10-30T23:53:40.9762773Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7104 Process Creation Time: 2020-10-30T23:53:40.9762773Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7104 Process Creation Time: 2020-10-30T23:53:40.9762773Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7104 Process Creation Time: 2020-10-30T23:53:40.9762773Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7104 Process Creation Time: 2020-10-30T23:53:40.9762773Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe2fb5 Linked Logon ID: 0xe2fec Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe2fec Linked Logon ID: 0xe2fb5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x500 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe346a Linked Logon ID: 0xe349f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x500 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe349f Linked Logon ID: 0xe346a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x500 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe349f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe346a Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe2fb5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xe346a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-10-31 01:54:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7dc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Process Information: Process ID: 8352 Process Creation Time: 2020-10-30T23:54:01.0093947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Process Information: Process ID: 8352 Process Creation Time: 2020-10-30T23:54:01.0093947Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9296 Process Creation Time: 2020-10-30T23:54:01.2407536Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9296 Process Creation Time: 2020-10-30T23:54:01.2407536Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2618 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 01:54:01 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2618 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:12 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:54:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-10-31 01:54:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9296 Process Creation Time: 2020-10-30T23:54:01.2407536Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 01:54:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9296 Process Creation Time: 2020-10-30T23:54:01.2407536Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:55:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:55:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:55:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:55:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 01:55:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:55:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 01:55:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:55:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:55:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:56:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:56:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:56:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:56:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:56:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 01:57:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x944 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x944 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x944 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x944 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:04:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:08:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fb5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:08:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:08:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17fc Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:09:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:09:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:09:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:19:26 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:20:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:20:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e4 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e4 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e4 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x346c Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x346c Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x346c Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x346c Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x346c Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:21:36 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:22:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2fd0 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:23:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:23:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:24:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:24:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:24:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:24:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:24:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:25:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:25:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:25:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:25:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2f9c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2f9c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:21 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:26:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:28 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xbab104
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:28 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x263c Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xbab104
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_fonts_0428e0346460ac4c.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_fonts_dc62106d96619a3c.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_windowsbase_v4.0_4.0.0.0_31bf3856ad364e35_5764ca98829cd598.cdf-ms Handle ID: 0xea0 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationtypes_v4.0_4.0.0.0_31bf3856ad364e35_1f12bec8f88f4450.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationprovider_v4.0_4.0.0.0_31bf3856ad364e35_6bb637099f04ee2c.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclientsideproviders_v4.0_4.0.0.0_31bf3856ad364e35_6944991d7b306f0d.cdf-ms Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclient_v4.0_4.0.0.0_31bf3856ad364e35_35816ba0d06901c4.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.xaml_v4.0_4.0.0.0_b77a5c561934e089_6747aba031bff5b1.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms_v4.0_4.0.0.0_b77a5c561934e089_7780f78ea9286b2d.cdf-ms Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.controls.ribbon_v4.0_4.0.0.0_b77a5c561934e089_f0c023acb7bafe74.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.deployment_v4.0_4.0.0.0_b03f5f7f11d50a3a_e63bb68aefb0cd4a.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.core_v4.0_4.0.0.0_b77a5c561934e089_18d3047bb5729e36.cdf-ms Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework-systemdata_v4.0_4.0.0.0_b77a5c561934e089_89b90455552a8828.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework_v4.0_4.0.0.0_31bf3856ad364e35_b57a3b1abb4f9cb2.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0xe14 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0xe1c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0xe1c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0xe1c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0xd28 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0xe0c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0xe1c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0xe10 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0xe14 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0xe9c Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:26:37 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0xc64 Process Information: Process ID: 0x13f8 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:26:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:26:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:26:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:27:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4e4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:27:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2020-10-31 02:27:40 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xe2fec This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:27:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_fonts_0428e0346460ac4c.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_d97e7188b51e6116.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v3.0_wpf_f80a7f17f38f3771.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_fonts_dc62106d96619a3c.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_windowsbase_v4.0_4.0.0.0_31bf3856ad364e35_5764ca98829cd598.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationtypes_v4.0_4.0.0.0_31bf3856ad364e35_1f12bec8f88f4450.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationprovider_v4.0_4.0.0.0_31bf3856ad364e35_6bb637099f04ee2c.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclientsideproviders_v4.0_4.0.0.0_31bf3856ad364e35_6944991d7b306f0d.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_uiautomationclient_v4.0_4.0.0.0_31bf3856ad364e35_35816ba0d06901c4.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.xaml_v4.0_4.0.0.0_b77a5c561934e089_6747aba031bff5b1.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.forms_v4.0_4.0.0.0_b77a5c561934e089_7780f78ea9286b2d.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.windows.controls.ribbon_v4.0_4.0.0.0_b77a5c561934e089_f0c023acb7bafe74.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.deployment_v4.0_4.0.0.0_b03f5f7f11d50a3a_e63bb68aefb0cd4a.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_system.core_v4.0_4.0.0.0_b77a5c561934e089_18d3047bb5729e36.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework-systemdata_v4.0_4.0.0.0_b77a5c561934e089_89b90455552a8828.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_assembly_gac_msil_presentationframework_v4.0_4.0.0.0_31bf3856ad364e35_b57a3b1abb4f9cb2.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_41115a5fd4566dab.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_ad470207ad610db1.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_b81ea2cfde84fb19.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_reference_assemblies_microsoft_framework_v3.0_1dfad1527dc1078c.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x88 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_f89c5a39d351281a.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_a4ba21b6f468ca9e.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_61efdd9e2d0263ca.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x68 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x68 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll Handle ID: 0x68 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x70 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PenIMC.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfdll.dll Handle ID: 0x84 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x98 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:27:45 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x94 Process Information: Process ID: 0x2ba8 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 103 | 2020-10-31 02:27:48 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b0 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2cc New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-10-31 02:28:09 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:12 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3dc New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfd93 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfdb5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17c93 Linked Logon ID: 0x17cb6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17cb6 Linked Logon ID: 0x17c93 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17c93 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17cb6 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4ac New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4b4 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4bc New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4ac Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4fc New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4b4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x510 New Process Name: ???????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4b4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x518 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4b4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x560 New Process Name: ????????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4ac Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-10-31 02:28:14 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfb94
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x10e0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x10e0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1118 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1118 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1d9c Process Name: C:\Windows\Temp\EDGEMITMP_30407.tmp\setup.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:34 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1d9c Process Name: C:\Windows\Temp\EDGEMITMP_30407.tmp\setup.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9479d Linked Logon ID: 0x94b6a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x94b6a Linked Logon ID: 0x9479d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9479d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:35 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa60 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Process Information: Process ID: 8224 Process Creation Time: 2020-10-31T00:28:35.9079581Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Process Information: Process ID: 8224 Process Creation Time: 2020-10-31T00:28:35.9079581Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9088 Process Creation Time: 2020-10-31T00:28:36.1861106Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9088 Process Creation Time: 2020-10-31T00:28:36.1861106Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x724 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2a18 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:28:41 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2a18 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12290 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8844 Process Creation Time: 2020-10-31T00:28:36.3583295Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8844 Process Creation Time: 2020-10-31T00:28:36.3583295Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8844 Process Creation Time: 2020-10-31T00:28:36.3583295Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8844 Process Creation Time: 2020-10-31T00:28:36.3583295Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8844 Process Creation Time: 2020-10-31T00:28:36.3583295Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x138957 Linked Logon ID: 0x1389ea Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x1389ea Linked Logon ID: 0x138957 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x13a261 Linked Logon ID: 0x13a332 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x13a332 Linked Logon ID: 0x13a261 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x518 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x13a332 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x1389ea Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x13a261 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x138957 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x138957 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x13a261 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:46 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:28:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:28:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:28:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:29:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:29:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:15 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:15 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12290 | 2020-10-31 02:29:21 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:29:21 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9088 Process Creation Time: 2020-10-31T00:28:36.1861106Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 02:29:21 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9088 Process Creation Time: 2020-10-31T00:28:36.1861106Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Failure | 12544 | 2020-10-31 02:29:29 | | Microsoft-Windows-Security-Auditing | 4625: An account failed to log on. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Logon Type: 2 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: - Account Domain: - Failure Information: Failure Reason: %%2313 Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x338c Caller Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x338c Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:29 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:29:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:29:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:29:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:29:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2bb8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:29:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2bb8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:30:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:30:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:30:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:30:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:30:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:35:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:35:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:37:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:37:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:37:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:37:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:38:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:38:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:38:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:38:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:38:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:38:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:42 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:42 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:38:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:40:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:41:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xdb8 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:41:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:41:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:41:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d5c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:41:28 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d5c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:43:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xd9c Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:45:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:45:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 02:45:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1f14 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:45:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1f14 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:45:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:47:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:47:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:47:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:47:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ahronbd.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\aldhabi.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\andlso.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\angsana.ttc Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\aparaj.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\aparajb.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\aparajbi.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\aparaji.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\arabtype.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova-Bold.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova-BoldItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova-Italic.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova-Light.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova-LightItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNova.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond-Bold.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond-BoldItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond-Italic.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond-Light.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond-LightItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\ArialNovaCond.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\batang.ttc Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\BIZ-UDGothicB.ttc Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\BIZ-UDGothicR.ttc Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\BIZ-UDMinchoM.ttc Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\browalia.ttc Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\cordia.ttc Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\daunpenh.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\david.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\davidbd.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Deng.ttf Handle ID: 0x958 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Dengb.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Dengl.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\dokchamp.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\estre.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\euphemia.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\frank.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\gautami.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\gautamib.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-Black.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-BlackItalic.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-Bold.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-BoldItalic.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondBlack.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondBlackItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondBold.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondBoldItalic.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondLight.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondLightItalic.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondRegular.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondSemiBold.ttf Handle ID: 0x62c Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-CondSemiBoldItalic.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-Italic.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-Light.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-LightItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-Regular.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-SemiBold.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GeorgiaPro-SemiBoldItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansBoItNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansBoNova.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondBoItNova.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondBoNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondExtraItNova.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondExtraNova.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondItNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondLightItNova.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondLightNova.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansCondUltraBoNova.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansItNova.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansLightItNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansLightNova.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansNova.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\GillSansUltraBoNova.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\gisha.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\gishabd.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\gulim.ttc Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\iskpota.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\iskpotab.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kaiu.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kalinga.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kalingab.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kartika.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kartikab.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\KhmerUI.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\KhmerUIb.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kokila.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kokilab.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kokilabi.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\kokilai.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\LaoUI.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\LaoUIb.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\latha.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\lathab.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\leelawad.ttf Handle ID: 0x950 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\leelawdb.ttf Handle ID: 0x600 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\lvnm.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\lvnmbd.ttf Handle ID: 0x940 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\majalla.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\majallab.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\mangal.ttf Handle ID: 0x710 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\mangalb.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\meiryo.ttc Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\meiryob.ttc Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\mingliu.ttc Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\moolbor.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\mriam.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\mriamc.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\msmincho.ttc Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\msuighub.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\msuighur.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-55Rg.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-56It.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-65Md.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-66MdIt.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-75Bd.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\NHaasGroteskTXPro-76BdIt.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\nrkis.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\nyala.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\plantc.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\raavi.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\raavib.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-Bold.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-BoldItalic.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-ExtraBold.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-ExtraBoldItalic.ttf Handle ID: 0xa28 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-Italic.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-Light.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova-LightItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNova.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond-Bold.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond-BoldItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond-Italic.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond-Light.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond-LightItalic.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\RockwellNovaCond.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\rod.ttf Handle ID: 0xa20 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Sanskr.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Shonar.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Shonarb.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\shruti.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\shrutib.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simfang.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simhei.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simkai.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simpbdo.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simpfxo.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\simpo.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\tradbdo.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\trado.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\tunga.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\tungab.ttf Handle ID: 0x424 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\UDDigiKyokashoN-B.ttc Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\UDDigiKyokashoN-R.ttc Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcdb.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcdbi.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcdi.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcdl.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upceb.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcebi.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcei.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcel.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcfb.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcfbi.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcfi.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcfl.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcib.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcibi.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcii.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcil.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcjb.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcjbi.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcji.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcjl.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upckb.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upckbi.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcki.ttf Handle ID: 0x9dc Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upckl.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upclb.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upclbi.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcli.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\upcll.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\UrdType.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\UrdTypeb.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\utsaah.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\utsaahb.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\utsaahbi.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\utsaahi.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Vani.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\Vanib.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-Black.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-BlackItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-Bold.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-BoldItalic.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondBlack.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondBlackItalic.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondBold.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondBoldItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondItalic.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondLight.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondLightItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondRegular.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondSemiBold.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-CondSemiBoldItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-Italic.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-Light.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-LightItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-Regular.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-SemiBold.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\VerdanaPro-SemiBoldItalic.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\vijaya.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\vijayab.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\vrinda.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\vrindab.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\yumin.ttf Handle ID: 0x6c4 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\yumindb.ttf Handle ID: 0x7b0 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\yuminl.ttf Handle ID: 0x790 Process Information: Process ID: 0x1a24 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 02:48:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2ab4 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 02:50:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:50:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 02:52:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 02:52:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 02:56:05 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 02:56:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x225c Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 03:00:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:00:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:00:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:00:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 03:00:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12288 | 2020-10-31 03:00:24 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x191c Name: C:\Windows\System32\svchost.exe Previous Time: 2020-10-31T01:00:24.4036269Z New Time: 2020-10-31T01:00:24.4043072Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:04:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:04:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:10:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:10:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:13 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xac0 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:10:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 03:15:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:15:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:22:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:22:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:28:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:28:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:28:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 03:28:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:28:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 03:28:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:28:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:28:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:31:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:31:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:37:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:37:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4fc Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x94b6a This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xb88 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 03:37:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x29d8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-10-31 03:38:00 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2bc New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d0 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2bc Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2bc Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-10-31 17:49:40 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:44 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3d0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfcbf Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfca6 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x410 New Process Name: ??????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2bc Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x418 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x420 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x410 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x468 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x418 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x48c New Process Name: ????????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x410 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x498 New Process Name: ???????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x418 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a0 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x418 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-10-31 17:49:47 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfaa1
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17418 Linked Logon ID: 0x17436 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17436 Linked Logon ID: 0x17418 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17418 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17436 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe1c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe1c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x10fc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x10fc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x684 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9f7bc Linked Logon ID: 0x9f7f3 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9f7f3 Linked Logon ID: 0x9f7bc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xa0093 Linked Logon ID: 0xa00c8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xa00c8 Linked Logon ID: 0xa0093 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xa00c8 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xa0093 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9f7bc Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xa0093 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:57 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x788 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Process Information: Process ID: 7600 Process Creation Time: 2020-10-31T15:49:57.8785951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Process Information: Process ID: 7600 Process Creation Time: 2020-10-31T15:49:57.8785951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8684 Process Creation Time: 2020-10-31T15:49:58.1937293Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8684 Process Creation Time: 2020-10-31T15:49:58.1937293Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2368 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 17:49:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2368 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:49:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:49:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:50:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:50:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:50:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:50:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:50:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:50:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:50:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:50:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8684 Process Creation Time: 2020-10-31T15:49:58.1937293Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8684 Process Creation Time: 2020-10-31T15:49:58.1937293Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:50:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: 1EA71239-0D2D-445A-9DE1-28486A93B065 Account Domain: NT VIRTUAL MACHINE Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x36e4 Process Name: C:\Windows\System32\vmcompute.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-83-1-514265657-1146752301-1210638749-1706070890 Account Name: 1EA71239-0D2D-445A-9DE1-28486A93B065 Account Domain: NT VIRTUAL MACHINE Logon ID: 0x1b3dd8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x36e4 Process Name: C:\Windows\System32\vmcompute.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-83-1-514265657-1146752301-1210638749-1706070890 Account Name: 1EA71239-0D2D-445A-9DE1-28486A93B065 Account Domain: NT VIRTUAL MACHINE Logon ID: 0x1b3dd8 Privileges: SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:51:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:51:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:52:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:52:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 17:52:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x15c8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 17:52:02 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x15c8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:52:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:52:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:52:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:52:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:52:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 17:53:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:53:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:53:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:54:21 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 17:54:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x216c Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:55:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 17:56:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 17:56:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x33dc Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 17:56:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:00 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:11:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39a9cd Linked Logon ID: 0x39aa12 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39aa12 Linked Logon ID: 0x39a9cd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39bb22 Linked Logon ID: 0x39bc52 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39bc52 Linked Logon ID: 0x39bb22 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x39bc52 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x39aa12 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x39bb22 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x39a9cd Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39a9cd Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x39bb22 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:12 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:11:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:12:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:13:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:14:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:15:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:16:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:16:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:16:34 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:17:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:19:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:20:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:22:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:23:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:25:30 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:27:03 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:28:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:30:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:31:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:33:15 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:34:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:36:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:37:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:39:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:41:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:42:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:44:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:44:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:44:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 19:45:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:45:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12545 | 2020-10-31 19:45:59 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-83-1-514265657-1146752301-1210638749-1706070890 Account Name: 1EA71239-0D2D-445A-9DE1-28486A93B065 Account Domain: NT VIRTUAL MACHINE Logon ID: 0x1b3dd8 Logon Type: 5 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:08 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:46:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:46:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x24d0 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x24d0 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x24d0 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3c28 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3c28 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3c28 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3c28 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3c28 Process Name: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:46:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:21 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-10-31 19:47:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:47:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:47:50 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3be8 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:49:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:50:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:52:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:54:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:55:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:55:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:56:13 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:57:45 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:04 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 19:59:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:05:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:05:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7968 Process Creation Time: 2020-10-31T15:49:52.0881021Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x725c6e Linked Logon ID: 0x725ccb Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x725ccb Linked Logon ID: 0x725c6e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7271f4 Linked Logon ID: 0x7273e9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7273e9 Linked Logon ID: 0x7271f4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7273e9 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x725ccb Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7271f4 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x725c6e Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x725c6e Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7271f4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:22 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:24 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1a44 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:05:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:06:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:08:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:09:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:11:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:12:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:14:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:15:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 20:17:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:17:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:17:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 20:18:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:18:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:18:47 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 20:19:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:19:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-10-31 20:19:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x38dc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-10-31 20:19:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x38dc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-10-31 20:19:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x468 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-10-31 20:19:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:20:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:21:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-10-31 20:23:37 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 12545 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9f7f3 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x410 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-10-31 20:23:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2330 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b4 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x310 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x358 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-01 20:30:56 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:00 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x40c New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x358 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x59c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x10090 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x59c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x100a9 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x530 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x528 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x530 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x358 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x538 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x528 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x580 New Process Name: ????????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x530 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x59c New Process Name: ????????????????-??6??8????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x528 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5b8 New Process Name: ???????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x530 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5c4 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x530 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-11-01 20:31:03 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfeba
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x59c Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17966 Linked Logon ID: 0x17984 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x59c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17984 Linked Logon ID: 0x17966 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x59c Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17966 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17984 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xec4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xec4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1190 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:05 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1190 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x78c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12290 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4824 Process Creation Time: 2020-11-01T18:31:08.0254594Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4824 Process Creation Time: 2020-11-01T18:31:08.0254594Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4824 Process Creation Time: 2020-11-01T18:31:08.0254594Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4824 Process Creation Time: 2020-11-01T18:31:08.0254594Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4824 Process Creation Time: 2020-11-01T18:31:08.0254594Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7f7ca Linked Logon ID: 0x7f84f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7f84f Linked Logon ID: 0x7f7ca Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x80187 Linked Logon ID: 0x801bc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x801bc Linked Logon ID: 0x80187 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x801bc Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x80187 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x7f7ca Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x80187 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:08 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x358 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Process Information: Process ID: 8768 Process Creation Time: 2020-11-01T18:31:08.7322174Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Process Information: Process ID: 8768 Process Creation Time: 2020-11-01T18:31:08.7322174Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8580 Process Creation Time: 2020-11-01T18:31:09.0548861Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8580 Process Creation Time: 2020-11-01T18:31:09.0548861Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2540 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:31:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2540 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:14 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:21 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:23 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:24 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8580 Process Creation Time: 2020-11-01T18:31:09.0548861Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8580 Process Creation Time: 2020-11-01T18:31:09.0548861Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:31:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:32:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:32:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:32:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:33:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:33:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:33:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:33:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:33:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:33:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:33:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:33:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:33:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:34:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:34:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:34:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:34:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x34fc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:09 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x34fc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:34:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x374c Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:34:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x251c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:37:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x251c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:37:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:37:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:37:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:20 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:29 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:38:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:39:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x500 Process Information: Process ID: 0x1a60 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x544 Process Information: Process ID: 0x1a60 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x4a4 Process Information: Process ID: 0x1a60 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:16 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:41:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12288 | 2020-11-01 20:41:28 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x24f4 Name: C:\Windows\System32\svchost.exe Previous Time: 2020-11-01T18:41:28.7684307Z New Time: 2020-11-01T18:41:28.7691895Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd6c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:41:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd6c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:41:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:41:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:13 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:19 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13568 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4904: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x5386ec
|
| | Security | Audit Success | 13568 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4905: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0x5386ec
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2648 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 20:42:20 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1d08 Process Name: C:\Windows\System32\SrTasks.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 20:42:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:42:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:43:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:43:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xfc8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:46:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:48:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:48:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:49:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:49:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:53:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:53:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:53:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:53:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:57:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:57:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 20:57:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:01:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:02:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:02:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:07:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:07:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-01 21:07:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x2ed4 Process Name: C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66AF4F0F-937C-41B8-83E4-1D54BB6A1405}\EDGEMITMP_8364C.tmp\setup.exe
|
| | Security | Audit Success | 13826 | 2020-11-01 21:07:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x2ed4 Process Name: C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{66AF4F0F-937C-41B8-83E4-1D54BB6A1405}\EDGEMITMP_8364C.tmp\setup.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 21:07:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:07:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:07:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 21:07:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:26:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:27:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 21:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:31:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:31:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 21:59:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-01 22:00:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-01 22:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 22:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 22:34:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 22:34:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 22:34:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 22:34:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-01 22:36:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 22:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 22:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 23:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 23:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-01 23:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-01 23:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 00:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 00:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 00:31:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 00:31:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 00:31:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 00:31:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 00:31:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 00:31:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 00:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 00:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 01:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 01:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 01:17:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 01:17:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 01:17:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2740 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 01:17:10 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2740 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 01:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 01:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 02:09:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 02:09:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 02:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 02:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 02:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 02:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 03:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:25:08 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 03:25:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:25:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 03:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 03:52:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 03:52:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 03:58:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 03:58:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:00:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:00:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:00:44 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:01:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2a04 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:03:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:03:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:03:18 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1890 Process Name: C:\Windows\System32\CompatTelRunner.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 04:03:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:03:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:03:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:03:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:04:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:04:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:10:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:10:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:16:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:16:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:18:18 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:18:18 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:22 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:29:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:29:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:27 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:29:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1dd8 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:40:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:46:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:46:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:50:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:50:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:50:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 04:50:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1e30 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 04:56:06 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 04:56:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 04:56:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:11:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:11:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:17:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:17:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:17:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:17:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:17:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:17:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:17:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:17:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 05:17:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3bcc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 05:17:52 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3bcc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 05:26:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:26:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 05:29:03 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:29:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3bb4 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 05:32:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:32:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:32:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 05:32:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:37:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:38:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:38:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:53 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: b2d6f7be-8525-0073-60ee-ba27f0c5592b Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 11032 Process Creation Time: 2020-11-02T03:36:30.5084782Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: b2d6f7be-8525-0073-60ee-ba27f0c5592b Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\2524820bddee6bfdaa459e61eb488ac3_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 11032 Process Creation Time: 2020-11-02T03:36:30.5084782Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: b2d6f7be-8525-0073-60ee-ba27f0c5592b Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:38:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:01 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:03 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:39:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:43:27 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:44:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x17a8 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:47:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:49:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:49:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:49:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 05:49:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 05:51:03 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:54:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 05:54:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:54:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 05:54:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 05:56:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 05:56:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:00:47 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:01:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f7ca User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2254 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:18:33 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:19:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x320 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:21:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:21:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:19 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x580 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x7f84f This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x3148 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x3148 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x3148 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x838 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:23:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x255c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-11-02 06:23:27 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b0 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d8 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x31c New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-02 06:24:13 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:17 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3ec New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x580 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x588 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x590 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x580 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5d8 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x588 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5f4 New Process Name: ????????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x580 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x610 New Process Name: ???????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x588 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 06:24:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x61c New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x588 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x588 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xfb5a Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x588 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xfb51 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x173ca Linked Logon ID: 0x173e2 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x173e2 Linked Logon ID: 0x173ca Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x173ca Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x173e2 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-11-02 06:24:21 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xf970
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x10a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x10a0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:28 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7e8 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12290 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7984 Process Creation Time: 2020-11-02T04:24:28.9011924Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7984 Process Creation Time: 2020-11-02T04:24:28.9011924Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7984 Process Creation Time: 2020-11-02T04:24:28.9011924Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7984 Process Creation Time: 2020-11-02T04:24:28.9011924Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 7984 Process Creation Time: 2020-11-02T04:24:28.9011924Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b02c Linked Logon ID: 0x8b068 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b068 Linked Logon ID: 0x8b02c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b567 Linked Logon ID: 0x8b5a0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b5a0 Linked Logon ID: 0x8b567 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x61c Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b5a0 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b567 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b02c Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x8b567 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:29 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x9a8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Process Information: Process ID: 8252 Process Creation Time: 2020-11-02T04:24:30.0459691Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Process Information: Process ID: 8252 Process Creation Time: 2020-11-02T04:24:30.0459691Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8960 Process Creation Time: 2020-11-02T04:24:30.3623623Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8960 Process Creation Time: 2020-11-02T04:24:30.3623623Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x25e4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 06:24:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x25e4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:24:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 06:24:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:42 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:24:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8960 Process Creation Time: 2020-11-02T04:24:30.3623623Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8960 Process Creation Time: 2020-11-02T04:24:30.3623623Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5d8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:19 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12545 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x8b068 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0xa08 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 06:25:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-11-02 06:25:52 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2c0 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d4 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2c0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x31c New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2c0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-02 16:40:16 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:20 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3dc New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x1364c Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x44c Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x1a5cc Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be3f Linked Logon ID: 0x1be9d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be9d Linked Logon ID: 0x1be3f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5dc Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be3f Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be9d Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x444 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2c0 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x44c New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x31c Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x454 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x444 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x490 New Process Name: ????????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x44c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x49c New Process Name: ???????????????-??6??c????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x44c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4b4 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x44c Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-11-02 16:40:23 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x13459
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6c4 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xbf0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xbf0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1468 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1468 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:25 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc8681 Linked Logon ID: 0xc86b8 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc86b8 Linked Logon ID: 0xc8681 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc8b48 Linked Logon ID: 0xc8b7d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc8b7d Linked Logon ID: 0xc8b48 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc8b7d Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc8b48 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc8681 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xc8b48 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:43 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7e0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Process Information: Process ID: 8664 Process Creation Time: 2020-11-02T14:40:43.9207660Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Process Information: Process ID: 8664 Process Creation Time: 2020-11-02T14:40:43.9207660Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9588 Process Creation Time: 2020-11-02T14:40:44.1151456Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9588 Process Creation Time: 2020-11-02T14:40:44.1151456Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x27d4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x27d4 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:49 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa54 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:56 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2d74 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:40:57 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2d74 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:40:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-11-02 16:41:29 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:41:29 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9588 Process Creation Time: 2020-11-02T14:40:44.1151456Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:41:29 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9588 Process Creation Time: 2020-11-02T14:40:44.1151456Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:41:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:42:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:42:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:42:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:42:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:42:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:42:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:42:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:42:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:42:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:43:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:43:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:43:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:43:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:43:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:43:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:48:01 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:48:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x5ec Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:50:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-2 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x748 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-2 Account Name: UMFD-2 Account Domain: Font Driver Host Logon ID: 0x4aa131 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x748 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xc86b8 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:40 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x748 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x4ae04b Linked Logon ID: 0x4ae06b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x748 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x4ae06b Linked Logon ID: 0x4ae04b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x748 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x1a5cc Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x4ae04b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x4ae06b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:41 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x25b0 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:42 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be9d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:42 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1be3f Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12290 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 3612 Process Creation Time: 2020-11-02T14:40:25.1545245Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Process Information: Process ID: 12608 Process Creation Time: 2020-11-02T14:51:46.2688326Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Process Information: Process ID: 12608 Process Creation Time: 2020-11-02T14:51:46.2688326Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cec40 Linked Logon ID: 0x4cec85 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cec85 Linked Logon ID: 0x4cec40 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cf0ea Linked Logon ID: 0x4cf14e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cf14e Linked Logon ID: 0x4cf0ea Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4b4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cf14e Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cf0ea Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cec40 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x4cf0ea Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 16:51:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x7e0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 16:51:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:51:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:51:58 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:52:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 16:55:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 16:55:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:28 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 16:56:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:01:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:01:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x768 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:06:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:07:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:07:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:10:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:10:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:14:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:14:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:17:19 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:17:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2b1c Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 17:20:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:20:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xf58 Process Name: C:\Windows\explorer.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:35:39 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:36:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:36:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:36:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 17:36:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:36:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:37:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:39:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:39:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:39:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:39:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 17:39:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x57d8 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 17:39:33 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x57d8 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 17:39:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:39:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:39:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:39:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 17:39:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3010 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 17:39:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3010 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 17:40:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:40:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-02 17:40:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2828 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 17:40:07 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2828 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:04 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:41:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:42:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:46:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 17:48:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:48:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Administrator Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: DefaultAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: Guest Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4797: An attempt was made to query the existence of a blank password for an account. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Additional Information: Caller Workstation: TENSHI-MEKA Target Account Name: WDAGUtilityAccount Target Account Domain: TENSHI-MEKA
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3734 Process Name: C:\Windows\System32\RuntimeBroker.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 17:57:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:06:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:06:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:10:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:16 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:10:17 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1ba4 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 12288 | 2020-11-02 18:10:28 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x621c Name: C:\Windows\System32\svchost.exe Previous Time: 2020-11-02T16:10:28.3264449Z New Time: 2020-11-02T16:10:28.3269816Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:11:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:11:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:16:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:16:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:16:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:16:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:42 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:16:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 18:17:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 18:18:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:18:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:35:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:35:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:35:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:35:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:36:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:36:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 18:38:30 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:38:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:38:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:43:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:43:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:45:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:45:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 18:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 18:51:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 18:51:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 18:51:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 20:29:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 20:29:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 20:31:05 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 20:43:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 20:43:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 21:28:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-02 23:06:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 23:06:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:06:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 23:06:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:36 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:06:37 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:11:46 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 12544 | 2020-11-02 23:11:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:11:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 23:12:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:12:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:14 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:18 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-02 23:12:54 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0xe2ac Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-02 23:25:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:25:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 23:44:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:44:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x490 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x4cec85 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x7b8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-02 23:44:27 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x27e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-11-02 23:44:31 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13826 | 2020-11-02 23:44:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd994 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-02 23:44:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd994 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b4 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d0 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x318 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-03 13:58:40 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:44 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3e0 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x318 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4ec New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4f4 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x318 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4fc New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4ec Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x544 New Process Name: ????????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x560 New Process Name: ????????????????-??6??c????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4ec Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x57c New Process Name: ???????????????-??6??4????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 13:58:47 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x588 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4f4 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4f4 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xffbd Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4f4 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xffd5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178f9 Linked Logon ID: 0x17944 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17944 Linked Logon ID: 0x178f9 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x560 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x178f9 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x17944 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2020-11-03 13:58:48 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xfdde
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xe40 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xe40 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:51 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:51 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x760 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8136 Process Creation Time: 2020-11-03T11:58:51.2504951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8136 Process Creation Time: 2020-11-03T11:58:51.2504951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8136 Process Creation Time: 2020-11-03T11:58:51.2504951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8136 Process Creation Time: 2020-11-03T11:58:51.2504951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 8136 Process Creation Time: 2020-11-03T11:58:51.2504951Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9718a Linked Logon ID: 0x971fc Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x971fc Linked Logon ID: 0x9718a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x9718a Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:54 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 12290 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Process Information: Process ID: 8984 Process Creation Time: 2020-11-03T11:58:55.3143228Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Process Information: Process ID: 8984 Process Creation Time: 2020-11-03T11:58:55.3143228Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x588 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x97ee5 Linked Logon ID: 0x97f5f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x588 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x97f5f Linked Logon ID: 0x97ee5 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x588 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x97f5f Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x97ee5 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0x97ee5 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x48c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2738 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 13:58:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2738 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:58:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:00 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:02 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 13:59:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:59:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:07 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:09 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:10 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:31 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:44 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 13:59:58 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x9718a User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3860 Process Name: C:\Users\sekanato\opt\chrlauncher\64\bin\chrome.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:00:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:00:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 14:00:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 14:00:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:00:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 14:00:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 14:00:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:00:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 14:00:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:00:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-03 14:01:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x3d30 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 14:01:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x3d30 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:01:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:01:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:50 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:51 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 14:01:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:01:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:01:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:02:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:02:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:09 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:10 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:04:11 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 14:04:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office365.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:05:08 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_office.net Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_office.net Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_office.net Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_office.net Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:05:09 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office.net Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:05:11 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office365.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:05:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:05:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:06:42 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:07:12 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3608 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:07:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:07:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-03 14:07:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x142c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 14:07:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x142c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:07:43 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x3608 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:08:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:08:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:08:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:08:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:08:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:08:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:08:52 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:07 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 12544 | 2020-11-03 14:09:22 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:09:22 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:26 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\caf480ae31fb77ec2a4142578ca356c5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2459 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\caf480ae31fb77ec2a4142578ca356c5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\caf480ae31fb77ec2a4142578ca356c5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 14:09:33 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9464 Process Creation Time: 2020-11-03T11:58:55.5888462Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:34 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:09:35 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:36 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:38 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_aadrm.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_aadrm.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_aadrm.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_aadrm.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:09:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_aadrm.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:10:57 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:11:52 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_skype.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:11:52 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_skype.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:11:52 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_skype.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:11:52 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_skype.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:11:52 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_skype.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:07 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:12 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:13 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:15 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:17 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:19 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_microsoftstream.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_0_microsoftstream.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_2_microsoftstream.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2020-11-03 14:12:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: TB_1_microsoftstream.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:22 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoftstream.com Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:24 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office365.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:12:26 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2778 Process Name: C:\Windows\System32\taskhostw.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:13:56 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:21 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:14:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:14:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 14:14:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:14:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:14:37 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:15:36 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 14:16:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:16:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:26 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:16:55 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-03 14:17:02 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office365.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_sharepoint.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_live.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:20 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_office.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 14:21:23 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:21:25 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 14:22:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x544 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 14:22:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2020-11-03 14:22:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x19a4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 14:22:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x19a4 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:12 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:13 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:23 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:24:52 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1618 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:07 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x1618 Process Name: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:25:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:26:33 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 103 | 2020-11-03 14:27:06 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 12545 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0x971fc This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6cc Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 14:27:06 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x2754 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x68 New Process Name: ??????????????????????4 Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0xb4 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2b4 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2cc New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x314 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2020-11-03 16:35:29 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1849 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1849 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:34 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3dc New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0x10d79 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x460 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x17874 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x5e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1977c Linked Logon ID: 0x197ad Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x197ad Linked Logon ID: 0x1977c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x5e4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1977c Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x197ad Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x458 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x2b4 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x460 New Process Name: ???????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x314 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x468 New Process Name: ??????????????e?????????????????????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x458 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a8 New Process Name: ????????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x460 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4b8 New Process Name: ???????????????-??6??0????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x460 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4c4 New Process Name: ??????????????e?????????????????????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x460 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x10ba7
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xd98 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:37 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xd98 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x6e8 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:38 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1494 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5116 Process Creation Time: 2020-11-03T14:35:38.4980750Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\ba9772ded8dd94be0096bc5332201ff5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5116 Process Creation Time: 2020-11-03T14:35:38.4980750Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5116 Process Creation Time: 2020-11-03T14:35:38.4980750Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5116 Process Creation Time: 2020-11-03T14:35:38.4980750Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 5116 Process Creation Time: 2020-11-03T14:35:38.4980750Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: {6A203701-EFE0-4F71-B932-C6780CEEBA6F} Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x868 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7a74 Linked Logon ID: 0xb7aac Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x868 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 11 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7aac Linked Logon ID: 0xb7a74 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x868 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7f88 Linked Logon ID: 0xb7fbd Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 7 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7fbd Linked Logon ID: 0xb7f88 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\lsass.exe Network Information: Workstation Name: TENSHI-MEKA Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Negotiat Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7fbd Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7f88 Logon Type: 7 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7a74 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: daniel.it.ivanov@outlook.com Account Domain: MicrosoftAccount Logon ID: 0xb7f88 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Changed Attributes: SAM Account Name: - Display Name: Daniel Ivanov User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: - New UAC Value: - User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:45 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x504 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Process Information: Process ID: 8592 Process Creation Time: 2020-11-03T14:35:45.8551077Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\sekanato\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Process Information: Process ID: 8592 Process Creation Time: 2020-11-03T14:35:45.8551077Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x26bc Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:35:46 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x26bc Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2459 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:49 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:50 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Process Information: Process ID: 2416 Process Creation Time: 2020-11-03T14:35:37.5847386Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: SCEPProtocolKey-adf39845-d72f-4a9c-ab75-911b19968312 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\9fe2c29cf0cc5f1a86f7255f461f7781_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2457 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:51 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x275c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 16:35:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:35:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:35:58 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:01 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:29 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:30 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: ca27a269004d8b71 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\c22dbbfb147b69302e9349f6e15bcfeb_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: ca27a269004d8b71 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\caf480ae31fb77ec2a4142578ca356c5_10fc2fa7-d941-4f9a-a65f-db54d217501e Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 9556 Process Creation Time: 2020-11-03T14:35:46.0727184Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: AAD.0164046e-1bc2-4075-b445-1efe845fa3c5 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:31 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: TB_0_microsoft.com Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:32 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:33 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2020-11-03 16:36:46 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7aac Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:37:26 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:37:26 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-500 Account Name: Administrator Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-501 Account Name: Guest Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-503 Account Name: DefaultAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-504 Account Name: WDAGUtilityAccount Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 User: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-583 Group Name: Device Owners Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2020-11-03 16:37:39 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-2450129870-1550963677-1219514353-1001 Account Name: sekanato Account Domain: TENSHI-MEKA Logon ID: 0xb7a74 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x854 Process Name: \Device\HarddiskVolume6\AIDA64Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 12544 | 2020-11-03 16:37:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:37:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2020-11-03 16:37:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2020-11-03 16:37:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: TENSHI-MEKA$ Account Domain: NHVN Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4a8 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2020-11-03 16:37:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2020-11-03 16:37:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | System | Error | None | 2020-10-29 09:40:54 | | Service Control Manager | 7023: The netprofm service terminated with the following error: %%21
|
| | System | Warning | None | 2020-10-29 09:41:59 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Warning | None | 2020-10-29 09:42:00 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 134: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
|
| | System | Error | None | 2020-10-29 09:44:00 | | Service Control Manager | 7030: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
|
| | System | Warning | None | 2020-10-29 09:44:00 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 09:44:04 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2020-10-29 09:46:23 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 09:57:05 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:02:16 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:02:24 | | disk | 153: The IO operation at logical block address 0x1326de30 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:27 | | disk | 153: The IO operation at logical block address 0x13286050 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:28 | | disk | 153: The IO operation at logical block address 0x1326de30 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:32 | | disk | 153: The IO operation at logical block address 0x13259cb8 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:32 | | disk | 153: The IO operation at logical block address 0x132865f8 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:35 | | disk | 153: The IO operation at logical block address 0x12c8b370 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:36 | | disk | 153: The IO operation at logical block address 0x1326de38 for Disk 2 (PDO name: \Device\00000078) was retried.
|
| | System | Warning | None | 2020-10-29 10:02:36 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:52 | | UASPStor | 129: Reset to device, \Device\RaidPort3, was issued.
|
| | System | Warning | None | 2020-10-29 10:02:54 | | disk | 51: An error was detected on device \Device\Harddisk2\DR2 during a paging operation.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | disk | 51: An error was detected on device \Device\Harddisk2\DR2 during a paging operation.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$Secure:$SDS. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$Secure:$SII:$INDEX_ALLOCATION. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$Secure:$SDH:$INDEX_ALLOCATION. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$Mft::$BITMAP. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$RECYCLE.BIN. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:56 | sekanato | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\gog\Divinity - Original Sin Enhanced Edition. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\gog\Divinity - Original Sin Enhanced Edition\Data. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\gog\Divinity - Original Sin Enhanced Edition\Data\Localization. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\gog\Divinity - Original Sin Enhanced Edition\The Divinty Engine Enhanced Edition. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\papps\Documents. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\papps\PortableApps. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:02:57 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file F:\$Mft. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:03:01 | | disk | 153: The IO operation at logical block address 0x0 for Disk 2 (PDO name: \Device\0000007a) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:09 | | disk | 153: The IO operation at logical block address 0x13286030 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:13 | | disk | 153: The IO operation at logical block address 0x13259ca8 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:14 | | disk | 153: The IO operation at logical block address 0x13259cb0 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:15 | | disk | 153: The IO operation at logical block address 0x12c86010 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:16 | | disk | 153: The IO operation at logical block address 0x13259cb0 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:17 | | disk | 153: The IO operation at logical block address 0x13259cb8 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:18 | | disk | 153: The IO operation at logical block address 0x13259ca8 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Warning | None | 2020-10-29 10:03:20 | | disk | 153: The IO operation at logical block address 0x13286000 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Error | None | 2020-10-29 10:03:21 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
|
| | System | Error | 2 | 2020-10-29 10:03:21 | | Ntfs | 137: The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
|
| | System | Warning | None | 2020-10-29 10:03:21 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-29 10:03:25 | | Ntfs | 50: {Delayed Write Failed} Windows was unable to save all the data for the file ?. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
|
| | System | Warning | None | 2020-10-29 10:03:37 | | UASPStor | 129: Reset to device, \Device\RaidPort5, was issued.
|
| | System | Warning | None | 2020-10-29 10:03:37 | | disk | 153: The IO operation at logical block address 0x12c89998 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Error | None | 2020-10-29 10:03:39 | | Service Control Manager | 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
|
| | System | Error | None | 2020-10-29 10:03:41 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:41 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Warning | None | 2020-10-29 10:03:41 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 10:03:42 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume kuroi-hibana. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:03:42 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000021. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:03:42 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:03:45 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:46 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume kuroi-hibana. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:03:46 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000027. The name of the file is "<unable to determine file name>".
|
| | System | Warning | None | 2020-10-29 10:03:48 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume kuroi-hibana. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Error | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 131: The file system structure on volume F: cannot be corrected. Please run the chkdsk utility on the volume F:.
|
| | System | Warning | None | 2020-10-29 10:03:54 | SYSTEM | Ntfs | 132: Too many repair events have occurred in a short period of time. Temporarily suspending posting of further repair events.
|
| | System | Warning | None | 2020-10-29 10:03:58 | | disk | 153: The IO operation at logical block address 0x136ed000 for Disk 2 (PDO name: \Device\0000007b) was retried.
|
| | System | Error | None | 2020-10-29 10:04:02 | | volsnap | 14: The shadow copies of volume F: were aborted because of an IO failure on volume C:.
|
| | System | Warning | None | 2020-10-29 10:04:02 | SYSTEM | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Warning | None | 2020-10-29 10:04:02 | SYSTEM | Microsoft-Windows-Ntfs | 140: The system tried to join a drive to a directory on a substituted drive.
|
| | System | Error | None | 2020-10-29 10:04:14 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Error | 2 | 2020-10-29 10:04:14 | | Ntfs | 137: The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
|
| | System | Warning | None | 2020-10-29 10:04:14 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 10:04:15 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume kuroi-hibana. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:04:15 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000021. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:04:15 | SYSTEM | Ntfs | 55: A corruption was discovered in the file system structure on volume F:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000000024. The name of the file is "<unable to determine file name>".
|
| | System | Error | None | 2020-10-29 10:04:27 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-29 10:04:47 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:05:58 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:06:06 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-29 10:06:30 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_04E8&PID_61F5\MSFT30123456824760.
|
| | System | Warning | None | 2020-10-29 10:06:39 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-1JNQ720\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:20:33 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 10:21:29 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2020-10-29 10:22:11 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:22:43 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 10:23:06 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:06 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:06 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:06 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:46 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:46 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:23:46 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:26:34 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 10:27:12 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 10:27:44 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Armoury Crate Control Interface service to connect.
|
| | System | Error | None | 2020-10-29 10:27:44 | | Service Control Manager | 7000: The Armoury Crate Control Interface service failed to start due to the following error: %%1053
|
| | System | Warning | None | 2020-10-29 10:33:05 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:33:20 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:33:38 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:34:49 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:36:11 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:36:18 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:36:48 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:38:41 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:51:27 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 10:51:59 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 11:12:42 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 11:12:49 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-29 11:13:20 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_0951&PID_1666\001A4D5E864AB281A992B4C2.
|
| | System | Warning | 223 | 2020-10-29 11:13:20 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Windows\System32\MicrosoftEdgeCP.exe with process id 5840 stopped the removal or ejection for the device USB\VID_0951&PID_1666\001A4D5E864AB281A992B4C2.
|
| | System | Warning | 223 | 2020-10-29 11:13:20 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe with process id 6772 stopped the removal or ejection for the device USB\VID_0951&PID_1666\001A4D5E864AB281A992B4C2.
|
| | System | Warning | None | 2020-10-29 11:14:01 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 11:14:08 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 11:14:36 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:37:09 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 52: The time service has set the time with offset 32399 seconds.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:51:33 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:54:46 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 20:55:49 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:05:28 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:06:00 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:14:21 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-29 21:24:03 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_1058&PID_25FF\57583531443438414E5A4437.
|
| | System | Warning | 223 | 2020-10-29 21:24:03 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Windows\System32\notepad.exe with process id 9920 stopped the removal or ejection for the device USB\VID_1058&PID_25FF\57583531443438414E5A4437.
|
| | System | Warning | None | 2020-10-29 21:24:24 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | 212 | 2020-10-29 21:25:11 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-29 21:25:25 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 21:25:36 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:25:36 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:27:20 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:27:20 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:27:20 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:27:35 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | 212 | 2020-10-29 21:27:54 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-29 21:27:59 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:27:59 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:28:05 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 21:29:36 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:29:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:29:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:29:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:37:41 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:45:50 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-29 21:45:51 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-29 21:46:20 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 21:48:01 | | Service Control Manager | 7009: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
|
| | System | Error | None | 2020-10-29 21:48:01 | | Service Control Manager | 7000: The Steam Client Service service failed to start due to the following error: %%1053
|
| | System | Warning | None | 2020-10-29 21:48:02 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:48:52 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 21:52:26 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:02:50 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:03:35 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-29 23:03:53 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Warning | None | 2020-10-29 23:03:55 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | 212 | 2020-10-29 23:04:32 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-29 23:04:34 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-29 23:04:35 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-29 23:04:35 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-29 23:04:37 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:04:37 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:04:42 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 23:06:38 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:06:38 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:06:38 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-29 23:09:19 | sekanato | DCOM | 10010: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
|
| | System | Warning | None | 2020-10-29 23:09:21 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2020-10-29 23:09:42 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | 212 | 2020-10-29 23:09:42 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-29 23:09:45 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-29 23:09:46 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:09:46 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:09:52 | | Netwtw08 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-29 23:11:47 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:11:47 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:11:47 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:12:38 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:33:02 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:36:02 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:42:51 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:42:51 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:42:51 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:42:51 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:42:51 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:43:14 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:48:34 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:52:12 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:52:33 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:53:04 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-29 23:53:11 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-30 00:20:52 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 00:20:52 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe with process id 5020 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | None | 2020-10-30 00:21:26 | | disk | 158: Disk 3 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.
|
| | System | Warning | None | 2020-10-30 00:21:27 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 00:22:09 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 00:30:58 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 00:31:16 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:09:14 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:12:18 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | 1 | 2020-10-30 02:15:48 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.
|
| | System | Warning | None | 2020-10-30 02:16:02 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelWifiIhv08.dll
|
| | System | Warning | None | 2020-10-30 02:16:05 | SYSTEM | Microsoft-Windows-WLAN-AutoConfig | 10002: WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\IntelIHVRouter08.dll
|
| | System | Warning | None | 2020-10-30 02:16:06 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHIGRANT\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:16:12 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | 1 | 2020-10-30 02:18:05 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
|
| | System | Error | None | 2020-10-30 02:24:30 | | disk | 11: The driver detected a controller error on \Device\Harddisk1\DR1.
|
| | System | Warning | 212 | 2020-10-30 02:25:01 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 02:25:06 | | disk | 158: Disk 3 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.
|
| | System | Warning | None | 2020-10-30 02:25:09 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-30 02:25:10 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-30 02:25:10 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-30 02:25:12 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:25:12 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:25:19 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 02:27:13 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:27:13 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:27:13 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-30 02:33:15 | sekanato | DCOM | 10010: The server Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
|
| | System | Warning | 212 | 2020-10-30 02:33:48 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 02:33:53 | | disk | 158: Disk 3 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.
|
| | System | Warning | None | 2020-10-30 02:33:55 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Warning | None | 2020-10-30 02:33:56 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-30 02:33:57 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-30 02:34:00 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:34:00 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:34:06 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 02:34:19 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:36:00 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:36:00 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:36:00 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 02:44:00 | | UASPStor | 129: Reset to device, \Device\RaidPort3, was issued.
|
| | System | Warning | None | 2020-10-30 02:51:57 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:06:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:06:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-10-30 03:29:46 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 03:29:51 | | disk | 158: Disk 3 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.
|
| | System | Warning | None | 2020-10-30 03:29:52 | SYSTEM | Microsoft-Windows-Ntfs | 98:
|
| | System | Error | None | 2020-10-30 03:29:55 | | Service Control Manager | 7001: The hns service depends on the VfpExt service which failed to start because of the following error: %%31
|
| | System | Error | None | 2020-10-30 03:29:55 | | Service Control Manager | 7000: The VMSP service failed to start due to the following error: %%1450
|
| | System | Warning | None | 2020-10-30 03:29:55 | SYSTEM | Microsoft-Windows-FilterManager | 4: File System Filter 'wcifs' (Version 10.0, 2027-02-01T04:32:49.0000000Z) failed to attach to volume '\Device\HarddiskVolume7'. The filter returned a non-standard final status of 0xc000000d. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.
|
| | System | Warning | None | 2020-10-30 03:30:03 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 03:30:11 | | UASPStor | 129: Reset to device, \Device\RaidPort3, was issued.
|
| | System | Warning | None | 2020-10-30 03:31:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:31:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:31:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:33:05 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-30 03:39:24 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:39:24 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe with process id 4464 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:39:24 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Windows\System32\dllhost.exe with process id 13096 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:40:31 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:40:31 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe with process id 4464 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:41:01 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application System with process id 4 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | 223 | 2020-10-30 03:41:01 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe with process id 4464 stopped the removal or ejection for the device USB\VID_1058&PID_262F\57584231453939364C325058.
|
| | System | Warning | None | 2020-10-30 03:41:48 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:47:34 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 223 | 2020-10-30 03:47:55 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe with process id 4464 stopped the removal or ejection for the device USB\VID_04E8&PID_61F5\MSFT30123456824760.
|
| | System | Warning | 212 | 2020-10-30 03:48:39 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 03:48:50 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 03:49:17 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:49:44 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:50:45 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:50:45 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:50:45 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:55:39 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 03:59:38 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 04:17:36 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 04:18:37 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 04:30:13 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 04:37:41 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 04:41:36 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 04:46:51 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 05:03:45 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-30 05:03:49 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-30 05:03:49 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Warning | 212 | 2020-10-30 05:05:14 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 05:05:29 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-30 05:07:26 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 05:07:46 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-30 05:10:58 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-30 05:10:58 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Warning | 212 | 2020-10-30 22:43:15 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-30 22:45:30 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:46:31 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:47:19 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 22:48:22 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:08:32 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:08:39 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:15:54 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:31:33 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:31:41 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:32:43 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:32:43 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:33:18 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:33:18 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:33:18 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:33:18 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:34:23 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:34:39 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:34:39 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:35:05 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-30 23:50:03 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-10-31 01:53:35 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-31 01:53:49 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-31 01:55:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 01:55:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 01:55:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 01:56:31 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 01:56:48 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:10:33 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:21:26 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-10-31 02:27:36 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Error | None | 2020-10-31 02:27:36 | sekanato | DCOM | 10010: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
|
| | System | Warning | 212 | 2020-10-31 02:28:11 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-31 02:28:26 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-31 02:28:47 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:30:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:30:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:30:17 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:37:28 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:40:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:47:29 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:53:01 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:53:20 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:54:07 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 02:56:03 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-10-31 17:49:43 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-10-31 17:50:38 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-31 17:51:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 17:51:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 17:51:59 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 17:54:01 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 17:54:11 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 19:11:42 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-10-31 19:24:40 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-10-31 19:47:11 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 1014 | 2020-10-31 19:52:01 | NETWORK SERVICE | Microsoft-Windows-DNS-Client | 1014: Name resolution for the name googleads.g.doubleclick.net timed out after none of the configured DNS servers responded.
|
| | System | Warning | None | 2020-10-31 20:05:21 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | None | 2020-10-31 20:06:39 | | Service Control Manager | 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ArmouryCrateService service.
|
| | System | Warning | None | 2020-10-31 20:18:51 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-11-01 20:30:58 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-11-01 20:31:14 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | None | 2020-11-01 20:31:50 | | Service Control Manager | 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ArmouryCrateService service.
|
| | System | Error | None | 2020-11-01 20:32:20 | | Service Control Manager | 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ArmouryCrateService service.
|
| | System | Error | None | 2020-11-01 20:32:50 | | Service Control Manager | 7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ArmouryCrateService service.
|
| | System | Warning | None | 2020-11-01 20:33:11 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:33:11 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:33:11 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:34:29 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:37:18 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:37:38 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:37:57 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:38:04 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:41:44 | | disk | 158: Disk 2 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue.
|
| | System | Warning | None | 2020-11-01 20:42:08 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:43:58 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-01 20:44:16 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 04:00:38 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 04:10:06 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:28:54 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:36:28 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | 1 | 2020-11-02 05:38:15 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PLK42WD0RC0-Microsoft.Photos.MediaEngineDLC.
|
| | System | Warning | None | 2020-11-02 05:39:31 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:41:23 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:43:21 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:44:54 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:44:54 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:05 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:05 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:49 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:49 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:49 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:50:49 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:56:03 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:56:04 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:56:05 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:56:10 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:56:32 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:57:22 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 05:57:39 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 06:00:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 06:18:28 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-11-02 06:24:16 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-11-02 06:24:27 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Error | None | 2020-11-02 06:25:51 | SYSTEM | DCOM | 10005: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}
|
| | System | Warning | 212 | 2020-11-02 16:40:18 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | 223 | 2020-11-02 16:41:03 | SYSTEM | Microsoft-Windows-Kernel-PnP | 225: The application \Device\HarddiskVolume3\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe with process id 8736 stopped the removal or ejection for the device USB\VID_0B05&PID_1866&MI_02\7&289d55ad&0&0002.
|
| | System | Warning | None | 2020-11-02 16:42:26 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:42:26 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:42:26 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:47:53 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:51:18 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:51:47 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:53:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 16:53:32 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 17:02:16 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 17:17:18 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 17:40:09 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:18:36 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:06 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:06 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:06 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:07 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:07 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:21:07 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:22:13 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:27:23 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:31:10 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 18:35:37 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} and APPID {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 SID (S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-02 23:12:14 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2020-11-02 23:44:31 | SYSTEM | Microsoft-Windows-Bits-Client | 16392: The BITS service failed to start. Error 2147500053.
|
| | System | Warning | 212 | 2020-11-03 13:58:43 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-11-03 13:58:58 | | Netwtw10 | 6062: 6062 - Lso was triggered
|
| | System | Warning | None | 2020-11-03 13:59:19 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:00:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:00:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:00:57 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:06:02 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:06:32 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 14:24:12 | sekanato | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | 212 | 2020-11-03 16:35:31 | SYSTEM | Microsoft-Windows-Kernel-PnP | 219: The driver \Driver\WudfRd failed to load for the device USB\VID_27C6&PID_521D\6&13c452c7&0&3.
|
| | System | Warning | None | 2020-11-03 16:35:47 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:35:47 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:35:47 | LOCAL SERVICE | DCOM | 10016: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:35:47 | LOCAL SERVICE | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:36:30 | sekanato | DCOM | 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user TENSHI-MEKA\sekanato SID (S-1-5-21-2450129870-1550963677-1219514353-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:37:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:37:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Warning | None | 2020-11-03 16:37:42 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|